nanog mailing list archives

RE: Over a decade of DDOS--any progress yet?

From: Drew Weaver <drew.weaver () thenap com>
Date: Fri, 10 Dec 2010 15:33:46 -0500

Nobody has really driven the point home that yes you can purchase a system from Arbor, RioRey, make your own mitigation 
system; what-have you, but you still have to pay for the transit to digest the attack, which is probably the main cost 
right now.

-Drew


-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins () arbor net] 
Sent: Wednesday, December 08, 2010 11:54 AM
To: North American Operators' Group
Subject: Re: Over a decade of DDOS--any progress yet?


On Dec 8, 2010, at 11:47 PM, Jay Coley wrote:

This has been our recent experience as well.


I see a link-filling attacks with some regularity; but again, what I'm saying is simply that they aren't as prevalent 
as they used to be, because the attackers don't *need* to fill links in order to achieve their goals, in many cases.

That being said, high-bandwidth DNS reflection/amplification attacks tip the scales, every time.

Lastly there is usually always someone at the other end of these attacks watching what is working and what is not



This is a very important point - determined attackers will observe and react in order to try and defeat successful 
countermeasures, so the defenders must watch for shifting attack vectors.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.

Current thread:

Re: Over a decade of DDOS--any progress yet?, (continued)
- - - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jack Bates (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Randy McAnally (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Jay Coley (Dec 08)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 08)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Joel Jaeggli (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Dobbins, Roland (Dec 10)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Jeffrey Lyon (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
    - RE: Over a decade of DDOS--any progress yet? Drew Weaver (Dec 13)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 13)
    - Re: Over a decade of DDOS--any progress yet? Aaron Glenn (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Christopher Morrow (Dec 11)
    - Re: Over a decade of DDOS--any progress yet? Loránd Jakab (Dec 13)

(Thread continues...)