nanog mailing list archives

Re: Is there a line of defense against Distributed Reflective attacks?


From: alex () yuriev com
Date: Thu, 23 Jan 2003 09:58:31 -0500 (EST)


Sure, but this, like all other attacks of this sort, can be tracked... and
so the pain is over /quickly/ provided you can track it quickly :) Also,
sometimes null routes are ok.

How quickly is quickly? Oftentimes, as has been my recent experience
(part of my motivation for posting this thread), the flood is over before
one can get a human being on the phone.

Once the call arrives and the problem is deduced it can be tracked in a
matter of minutes, like 6-10 at the fastest...

So if one wants to create a really nasty, largely untrackable problem, 
one just needs to mount a set of attacks that last 3-4 minutes at a time?

This is a very bad band-aid. The solution is amazingly simple - make it
uneconomical to have unprotected networks, the same way as it is
uneconomical for businesses that rely on the internet for critical
communications not to have a firewall in place when purchasing business
interruption insurance.

Alex

