nanog mailing list archives
RE: Upsurge in attacks?
From: "David Schwartz" <davids () webmaster com>
Date: Tue, 4 Sep 2001 20:24:03 -0700
On Tue, 4 Sep 2001, Chris Rapier wrote:
Note: We only really start to give a damn when attacks start to suck up more than 20Mbps on its own. Anything less than that is either not worth the hassle or gets lost in the noise. Our position as a GigaPOP eliminates a few potential areas of concern.
That's nice to know. So, If we see <20Mb/s attack from psc.edu, to get your attention and make sure you give a damn about the initial problem, we should counter-attack with 50-60Mb/s or so? Is that the official stance of psc.edu?
I hope he was talking about attacks on him (inbound to him) rather than
attacks originating on his network. However, if you ignore a 20Mbps attack,
you may wind up launching your own 20Mbps attack unwittingly.
For example, if someone sends you spoofed TCP SYN packets, you may respond
with an equal number of ICMP unreachable packets, flooding an innocent
victim. So you generally cannot ignore 'small' floods, even if they're not
harming you. At least, that is, if you care about who you hurt.
DS
Current thread:
- Re: Upsurge in attacks?, (continued)
- Re: Upsurge in attacks? Eric Whitehill (Sep 04)
- Re: Upsurge in attacks? mike harrison (Sep 04)
- Re: Upsurge in attacks? Paul Walmsley (Sep 04)
- RE: Upsurge in attacks? Deepak Jain (Sep 04)
- Re: Upsurge in attacks? Paul Walmsley (Sep 04)
- Re: Upsurge in attacks? John Fraizer (Sep 04)
- Re: Upsurge in attacks? Joel Baker (Sep 04)
- Re: Upsurge in attacks? John Fraizer (Sep 04)
- Re: Upsurge in attacks? Joel Baker (Sep 04)
- Re: Upsurge in attacks? John Fraizer (Sep 04)
- Re: Upsurge in attacks? Chris Rapier (Sep 04)
- Re: Upsurge in attacks? John Fraizer (Sep 04)
- RE: Upsurge in attacks? David Schwartz (Sep 04)
- Re: Upsurge in attacks? Todd Suiter (Sep 04)
- Re: Upsurge in attacks? John Fraizer (Sep 04)