nanog mailing list archives
Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack
From: Roland Dobbins <rdobbins () arbor net>
Date: Fri, 23 Dec 2016 00:04:03 +0700
On 22 Dec 2016, at 23:56, Tom Beecher wrote:
What he did was send 1500 byte ICMP packets with a max TTL at an IP address that is not reachable due to a routing loop.
Same here. Here's some context I sent him: <https://www.usenix.org/legacy/events/imc05/tech/full_papers/xia/xia_html/imc05-paper-128-final.html> <http://nanog.org/meetings/nanog36/presentations/xia.pdf> <https://youtu.be/cWF4p5EuvQk>Note related discussion of mitigation tactics here (e.g., TTL-based filtering via tACLs):
<http://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html> ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack, (continued)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack j.j.santanna (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Jean | ddostest.me via NANOG (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Jean | ddostest.me via NANOG (Dec 22)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Ken Chase (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack William Herrin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack j.j.santanna (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)