nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: Petri Helenius <pete () he iki fi>
Date: Thu, 31 Jul 2003 09:24:34 +0300
Paul Vixie wrote:
lots of late night pondering tonight. the anti-nat anti-firewall pure-end-to-end crowd has always argued in favour of "every host for itself" but in a world with a hundred million unmanaged but reprogrammable devices is that really practical?
The most popular applications today either prefer or require bidirectional connectivity. Peer2peer traffic is about half of total and there can be only so many "corporate sponsored" SuperNodes . Also, games and some other applications, like SIP and other VoIP stuffrequire to be able to connect to the remote host. Obviously you can engineer
around all this but then, fixing the host is also "just software".
if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or only permitted inbound UDP in direct response to prior valid outbound UDP, would rob really have seen a ~140Khost botnet this year?
Sure. One late remote exploit requires just a embedded MIDI file on a web page which MS's browser will be happy to download and "execute". Or did you think that the NAT box would allow only text based browsing and provide HTTP to Gopher translation?While you are at it, make sure all email-clients are safe and immune to viruses.
Pete
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions, (continued)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Henry Linneweh (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Randy Bush (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions variable (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Stephen J. Wilcox (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 30)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Stephen J. Wilcox (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Dave Israel (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Omachonu Ogali (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 31)
- Re: WANTED: ISPs with DDoS defense solutions Omachonu Ogali (Jul 31)