nanog mailing list archives
Re: DDOS solution recommendation
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 Jan 2015 11:35:58 -0500
On Mon, 12 Jan 2015 18:06:57 +1100, Mark Andrews said:
The ISP will very likely not see ANY traffic originating from spoofed IP destined to your server.They will see the reply traffic and will see the acks increasing etc.
Assuming they think to *look* for it. 99.8% of ISPs will get a complaint "Your IP w.x.y.z is sending me spam", drop a tap on the IP address, see no matching outbound traffic, and hit delete on the complaint. They will almost certainly not think to look in something like the ICMP port unreachable packets the address is sending to some *other* address. (Remember, the compromised relay machine has to send *very* little info back to the actual sending box - TCP sequence numbers, maybe windows, and SMTP reply codes that can be encoded in 1 byte or even less)
Attachment:
_bin
Description:
Current thread:
- Re: DDOS solution recommendation, (continued)
- Re: DDOS solution recommendation Phil Bedard (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Patrick W. Gilmore (Jan 11)
- Re: DDOS solution recommendation Mike Hammett (Jan 11)
- Re: DDOS solution recommendation Damian Menscher (Jan 11)
- Re: DDOS solution recommendation Grant Taylor (Jan 11)
- Re: DDOS solution recommendation Mark Andrews (Jan 11)
- Re: DDOS solution recommendation Grant Taylor (Jan 11)
- Re: DDOS solution recommendation Mark Andrews (Jan 11)
- Re: DDOS solution recommendation Valdis . Kletnieks (Jan 12)
- Re: DDOS solution recommendation Brandon Ross (Jan 12)
- Re: DDOS solution recommendation Christopher Morrow (Jan 12)
- Re: DDOS solution recommendation Mike Hammett (Jan 12)
- Re: DDOS solution recommendation Christopher Morrow (Jan 12)
- Re: DDOS solution recommendation Roland Dobbins (Jan 12)
- Re: DDOS solution recommendation William F. Maton Sotomayor (Jan 12)
- Re: DDOS solution recommendation Scott Fisher (Jan 12)
- Re: DDOS solution recommendation Roland Dobbins (Jan 12)
- Re: DDOS solution recommendation Brandon Ross (Jan 13)
- Re: DDOS solution recommendation Valdis . Kletnieks (Jan 12)