nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: Sean Donelan <sean () donelan com>
Date: Sat, 18 Jan 2003 21:22:14 -0500 (EST)
On Sat, 18 Jan 2003, Steven M. Bellovin wrote:
theory, trace a single packet. But the real problem with either idea is this: suppose that you know, unambiguously and unequivocally, that 750 zombies are attacking you. What do you do with that information?
The reality is its not 750 zombies, its generally one person controlling 750 zombies attacking you. The firefighter approach is not a complete solution. Putting out the fire is only part of the answer. You also need to stop the arsonist from setting more fires and improve the building codes to reduce the risk. We need to do more than just waiting for complaints and putting in more and more null routes all over the network. On the other hand, ingress filtering is not a complete solution either. There are some things some networks can do easier than other networks. But there isn't just one fix which will work for everyone, or which will solve the problem. Null routes alone didn't solve the spam problem, and I doubt it will solve the DDOS problem. So how do we 1) Make end-user systems less vulnerable to being compromised 2) Track and stop DDOS quickly when it does happen 3) Find and convict the true attacker
Current thread:
- OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Petri Helenius (Jan 22)
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Marshall Eubanks (Jan 22)
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Petri Helenius (Jan 23)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Vijay Gill (Jan 22)
- Re: Streaming Video Bandwidth Requirements, WAS: FW: Re: Is there a line of defense against Distributed Reflective attacks? Numetra (Jan 24)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- ISPs not liable for hostile code sent between users Sean Donelan (Jan 23)
- Re: ISPs not liable for hostile code sent between users Jack Bates (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David Howe (Jan 20)
- OT: Is there a line of defense against Distributed Reflective attacks? Al Rowland (Jan 20)