nanog mailing list archives

Re: Is there a line of defense against Distributed Reflective attacks?

From: Valdis.Kletnieks () vt edu
Date: Fri, 17 Jan 2003 00:23:52 -0500

On Fri, 17 Jan 2003 00:03:56 EST, hc said:

It will help of course, but really not The solution... Or is there one?


In this industry, anybody who advertises The Solution should automatically
be considered a snake oil salesman.  There's no One Great Answer, because
there's more than one question.  There's a LOT of things that would help:
 
Ingress filtering
Egress filtering
Clued incident response teams
Systems not shipped insecure by default.

etc etc etc.  You've heard them all, I've said them all, they all address
parts of the problem.  Nothing addresses all of it.

Ingress/egress filtering would help in some cases of a DDoS packet flood.

Ingress/egress filtering doesn't do squat when Nimda is on a burn.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- - - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 23)
    - Re: Is there a line of defense against Distributed Reflective attacks? Michael Lamoureux (Jan 23)
    - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? Jack Bates (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 27)
    - Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 27)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
    - Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? alex (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 16)
  - Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? John Kristoff (Jan 17)
  - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Clayton Fiske (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Haesu (Jan 17)
    - Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 17)

(Thread continues...)