nanog mailing list archives
Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
From: Paul Ferguson <ferguson () cisco com>
Date: Mon, 28 Feb 2000 23:31:32 -0500
At 11:15 PM 02/28/2000 -0500, Richard Steenbergen wrote:
Be careful with flow when dealing with random src or random dst (for example, an attack which elicits a victim system to send replies to random destinations) attacks, or it may not help you much (as the flow cache gets max'd).
Just like they say about vitamin fortified cereals, "it's in there". The flow-switching creature features have enough functionality to trace an attacker back to its source. Yes, its painful. Yes, it has to be done in real-time. Yes, actually, it has been done before. No, there is no other real way to do it. People: Start source filtering so we can get beyond these inane discussions. - paul
Current thread:
- DDoS: CAR vs TCP-Intercept vs NetFlow Rubens Kuhl Jr. (Feb 28)
- Re: DDoS: CAR vs TCP-Intercept vs NetFlow Richard Steenbergen (Feb 28)
- [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
- RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Rubens Kuhl Jr. (Feb 28)
- RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
- RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Vijay Gill (Feb 28)
- Message not available
- RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
- Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Valdis . Kletnieks (Feb 28)
- RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Rubens Kuhl Jr. (Feb 28)
- Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Richard Steenbergen (Feb 28)
- Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)