nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 17 Jan 2003 05:20:59 +0000 (GMT)
On Fri, 17 Jan 2003, hc wrote:
Good point. I suppose another basic but effective method of prevention would be egress filtering. An increasing minority of network providers are instituting it, but it doesn't seem like it will be a widespread thing in the near-term.Yes, but egress filtering is only effective by far. Anyone can forge the source to an IP address that belongs to one of the /16's a provider advertises.
filter close to the end host, this limits (mostly) to the local /24 or /25 or /2(>5)...
It will help of course, but really not The solution... Or is there one?
haha, there isn't one :( since even with no spoofing you can muster an army of 100,000 IIS servers still scanning for nimda :(
Current thread:
- Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
- Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? Michael Lamoureux (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? Jack Bates (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 17)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
- Re: Is there a line of defense against Distributed Reflective attacks? Clayton Fiske (Jan 17)
- Re: Is there a line of defense against Distributed Reflective attacks? Haesu (Jan 17)