nanog mailing list archives

Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow


From: Paul Ferguson <ferguson () cisco com>
Date: Mon, 28 Feb 2000 23:31:32 -0500


At 11:15 PM 02/28/2000 -0500, Richard Steenbergen wrote:

> Be careful with flow when dealing with random src or random dst (for
> example, an attack which elicits a victim system to send replies to random
> destinations) attacks, or it may not help you much (as the flow cache gets
> max'd).

Just like they say about vitamin fortified cereals, "it's in there".

The flow-switching creature features have enough functionality to
trace an attacker back to its source. Yes, it's painful. Yes, it has
to be done in real-time. Yes, actually, it has been done before. No,
there is no other real way to do it.

People: Start source filtering so we can get beyond these inane
discussions.

- paul



