nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: "Steven M. Bellovin" <smb () research att com>
Date: Sat, 18 Jan 2003 23:16:59 -0500
In message <Pine.GSO.4.44.0301182004040.16112-100000 () clifden donelan com>, Sean Donelan writes:
On Sat, 18 Jan 2003, Steven M. Bellovin wrote:theory, trace a single packet. But the real problem with either idea is this: suppose that you know, unambiguously and unequivocally, that 750 zombies are attacking you. What do you do with that information?The reality is its not 750 zombies, its generally one person controlling 750 zombies attacking you.
Right -- and neither itrace nor hash-based tracing are going to solve that:
3) Find and convict the true attacker
Hash-based trace might help on that, *if* there was recording of the packets to the zombies. But doing that ubiquitously might -- would? -- turn the Internet into a surveillance state.
2) Track and stop DDOS quickly when it does happen
That's the point of pushback.
So how do we 1) Make end-user systems less vulnerable to being compromised
That's my real goal... --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)
Current thread:
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- Re: OT: Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Petri Helenius (Jan 23)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Vijay Gill (Jan 22)
- Re: Streaming Video Bandwidth Requirements, WAS: FW: Re: Is there a line of defense against Distributed Reflective attacks? Numetra (Jan 24)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Damian Gerow (Jan 22)
- ISPs not liable for hostile code sent between users Sean Donelan (Jan 23)
- Re: ISPs not liable for hostile code sent between users Jack Bates (Jan 23)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? Sean Donelan (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David G. Andersen (Jan 19)
- RE: Is there a line of defense against Distributed Reflective attacks? Deepak Jain (Jan 19)
- Re: Is there a line of defense against Distributed Reflective attacks? David Howe (Jan 20)
- OT: Is there a line of defense against Distributed Reflective attacks? Al Rowland (Jan 20)