nanog mailing list archives
Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Sun, 5 Feb 2012 20:37:34 -0500
2012/2/5 Dobbins, Roland <rdobbins () arbor net>
On Feb 6, 2012, at 8:10 AM, Keegan Holley wrote:An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping,and RTBH? Actually, no, that isn't the focus of the preso.The first four will not work against a DDOS attackThis is incorrect - suggest you read the preso.
The ACL's are configured on the routers belonging to the victim AS which will not save their access pipe if it's overrun unless I'm missing something. uRPF may help with spoofed traffic, but sometimes causes problems with multi-homing and is often more harmful than helpful depending on the network design.
and the last one just kills the patient so he does not infect otherpatients. S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest you read the preso.
Source RTBH often falls victim to rapidly changing or spoofed source IP"s. It also isn't as widely supported as it should be. I never said DDOS was hopeless, there just aren't a wealth of defenses against it.
Current thread:
- UDP port 80 DDoS attack Ray Gasnick III (Feb 05)
- Re: UDP port 80 DDoS attack Fredrik Holmqvist / I2B (Feb 05)
- RE: UDP port 80 DDoS attack Drew Weaver (Feb 08)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 05)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack bas (Feb 07)
- RE: UDP port 80 DDoS attack George Bonser (Feb 08)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 08)
- RE: UDP port 80 DDoS attack George Bonser (Feb 08)
- Re: UDP port 80 DDoS attack Keegan Holley (Feb 08)
- RE: UDP port 80 DDoS attack George Bonser (Feb 08)
- RE: UDP port 80 DDoS attack George Bonser (Feb 08)
- Re: UDP port 80 DDoS attack Dobbins, Roland (Feb 05)
- Re: UDP port 80 DDoS attack Fredrik Holmqvist / I2B (Feb 05)