nanog mailing list archives

Re: Is there a line of defense against Distributed Reflective attacks?


From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 17 Jan 2003 05:20:59 +0000 (GMT)




On Fri, 17 Jan 2003, hc wrote:

> > Good point.
> >
> > I suppose another basic but effective method of prevention would be
> > egress filtering. An increasing minority of network providers are
> > instituting it, but it doesn't seem like it will be a widespread thing
> > in the near-term.
>
> Yes, but egress filtering is only effective by far. Anyone can forge the
> source to an IP address that belongs to one of the /16s a provider
> advertises.

filter close to the end host; this limits (mostly) to the local /24 or /25
or /2(>5)...

> It will help of course, but really not The solution... Or is there one?

haha, there isn't one :( since even with no spoofing you can muster an
army of 100,000 IIS servers still scanning for Nimda :(
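The exchange above turns on where a source-address filter sits: a filter on the provider's /16 aggregate still lets a host forge any address inside that /16, while a filter on the customer port limits forgery to the local /24. The following is an added example, not code from the thread or from any of its participants; it models that difference with a constructed topology (a provider /16 at 10.0.0.0/16 and a customer LAN at 10.0.7.0/24, both assumptions) and a few constructed sample packets, and it generalises the point by counting how many source addresses remain forgeable behind each filter placement.

```python
import ipaddress

# Constructed topology for this example (an assumption, not taken from the thread):
# a provider advertises one /16, and one customer LAN inside it is a /24.
PROVIDER_AGGREGATE = ipaddress.ip_network("10.0.0.0/16")
CUSTOMER_LAN = ipaddress.ip_network("10.0.7.0/24")

# Two places a source-address filter can sit on the path out of the customer LAN.
FILTER_AT_PROVIDER_EDGE = [PROVIDER_AGGREGATE]   # egress filter on the /16 aggregate
FILTER_AT_CUSTOMER_PORT = [CUSTOMER_LAN]         # ingress filter on the customer's /24 port


def permitted(src, prefixes):
    """True if a packet with source address `src` falls inside one of `prefixes`."""
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in prefixes)


def forwarded(src, filters_on_path):
    """A packet leaves the network only if every filter along its path permits its source.
    An empty list models a path with no anti-spoofing filter at all."""
    return all(permitted(src, prefixes) for prefixes in filters_on_path)


def spoofable_sources(prefixes):
    """Count how many distinct source addresses a host behind this filter can still forge:
    the filter accepts anything inside its prefixes, so that is the whole prefix space."""
    return sum(p.num_addresses for p in prefixes)


# Constructed sample packets, all originating from a host on CUSTOMER_LAN.
SAMPLE_SOURCES = {
    "legitimate":         "10.0.7.20",    # the host's real address
    "spoof_in_aggregate": "10.0.200.5",   # forged, but still inside the provider's /16
    "spoof_outside":      "203.0.113.9",  # forged, outside anything the provider advertises
}


def evaluate(filters_on_path):
    """Map each sample packet name to whether it would be forwarded under the given filters."""
    return {name: forwarded(src, filters_on_path) for name, src in SAMPLE_SOURCES.items()}


if __name__ == "__main__":
    print("no filter:             ", evaluate([]))
    print("provider-edge /16:     ", evaluate([FILTER_AT_PROVIDER_EDGE]))
    print("customer-port /24 too: ", evaluate([FILTER_AT_CUSTOMER_PORT, FILTER_AT_PROVIDER_EDGE]))
    print("forgeable sources behind /16 filter:", spoofable_sources(FILTER_AT_PROVIDER_EDGE))
    print("forgeable sources behind /24 filter:", spoofable_sources(FILTER_AT_CUSTOMER_PORT))
```

Running it shows the gap hc describes: the provider-edge filter drops the packet sourced from 203.0.113.9 but forwards the one forged as 10.0.200.5, and only the customer-port filter catches that one. The count drops from 65536 forgeable sources behind the /16 filter to 256 behind the /24 filter, which is the "limits (mostly) to the local /24" point in the reply; moving the filter to a /25 or longer prefix shrinks it further.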


