nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 17 Jan 2003 03:59:21 +0000 (GMT)
On Thu, 16 Jan 2003, hc wrote:
This type of DRDOS (Distributed Reflective Denial of Service Attack) is well commonly-known to both network operators, and as well as many script-kiddies. By forging the source IP address of the attack to the victim's IP, and attacking internet backbone routers, this creates an immediate, devastating, yet very effective attack. Backbone routers, seeing this as legitimate packets simply reply back to the victim. I guess the question is, what are the internet backbones doing these days to evade the outcome of reflected DoS attacks? Are they simply going to let their routers be the middleman to kick off innocent hosts? SYN cookies and various other methods to control DoS attacks are only
Because syn cookies are available on routing gear??? Either way syn cookies are not going to keep the device from sending a 'syn-ack' to the 'originating host'.
used by smart ISP's.. And considering most ISP's do not even care about egress filters, I don't believe any of these methods will work for quite some time to come. -hc
Current thread:
- Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Rob Thomas (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? Travis Pugh (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)