nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: Rob Thomas <robt () cymru com>
Date: Tue, 5 Aug 2003 22:33:50 -0500 (CDT)
Hi, NANOGers. ] leaving the spoofing option open for future generations of attacks, ] rather than having a witch-hunt and tracking down and upgrading every ] insecure edge, is just about the worst thing we could do. When I first looked at this problem back in March 2001, I did a study of one often attacked web site. The data showed that 66.85% of all the source addresses hitting the site were *obvious* bogons, e.g. RFC1918, unallocated prefixes, etc. That is 66.85% of all naughty packets that this site never should have received. What was the total percentage of spoofed source packets? That was anyone's guess. You can see this in a presentation I did entitled "60 Days of Basic Naughtiness": <http://www.cymru.com/Presentations/60Days.zip> Since then things have changed in many ways, but the mitigation of spoofing, be it bogon or otherwise, is an improvement. It takes another tool out of their toolbox. We win this battle by degrees. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions, (continued)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Barney Wolff (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Jason Robertson (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions David G. Andersen (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)