nanog mailing list archives

Re: Is there a line of defense against Distributed Reflective attacks?


From: Michael Lamoureux <lamour () mail argfrp us uu net>
Date: 23 Jan 2003 21:47:04 -0500


 "alex" == alex  <alex () yuriev com> writes:

Sure, but this, like all other attacks of this sort, can be
tracked... and so the pain is over /quickly/ provided you can
track it quickly :) Also, sometimes null routes are ok.

How quickly is quickly? Oftentimes, as has been my recent
experience (part of my motivation for posting this thread), the
flood is over before one can get a human being on the phone.

Once the call arrives and the problem is deduced it can be tracked
in a matter of minutes, like 6-10 at the fastest...

alex> So if one wants to create a really nasty, largely untrackable
alex> problem, one just needs to mount a set of attacks that last 3-4
alex> minutes at a time?

Sure, that's one way to make it difficult.


alex> This is a very bad band-aid. The solution is amazingly simple -

Just to be clear, the solution to WHAT is amazingly simple?


alex> make it uneconomical to have unprotected networks,

For whom to have unprotected networks?  What constitutes a protected
network?  How does one make it uneconomical enough?


wondering,
Michael

