nanog mailing list archives

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?


From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Sun, 19 Jan 2003 09:38:10 -0500


*shrug* just seems like it would make more sense to block all incoming
'syn' packets.
Wouldn't that be faster than inspecting the destination port against two
separate rules?

blocking all SYNs will break too much other stuff (Instant Messengers,
games ...). I think we would be much better off if they (consumer ISPs)
would block 135-139 and 445, maybe 21 and 80.

The rest could be handled with a simple IDS (doesn't even need
to match patterns... just count packets going to 27374 and the like)

I keep saying ISPs would be much better off if they implement these
filters. But not all of them agree. IMHO: less 'zombies' -> better
service -> less support phone calls.



-- 
--------------------------------------------------------------------
jullrich () euclidian com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
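The count-based IDS the post sketches (count packets going to 27374 and the like, no pattern matching), written out as an added example that is not from the original post or from DShield. It assumes a hypothetical whitespace-separated flow-log format and uses constructed sample records; the thresholds are illustrative.

```python
from collections import defaultdict

# Ports the post singles out: NetBIOS/SMB (135-139, 445) and the SubSeven
# trojan port 27374. Ports 21 and 80 are left to local policy ("maybe").
WATCHED_PORTS = frozenset(range(135, 140)) | {445, 27374}

# Constructed sample flows (hypothetical format: src dst dport packets).
# 10.0.0.5 sweeps six hosts on 27374; 10.0.0.9 is ordinary web plus one SMB flow.
SAMPLE_FLOWS = """\
10.0.0.5 192.168.1.1 27374 1
10.0.0.5 192.168.1.2 27374 1
10.0.0.5 192.168.1.3 27374 1
10.0.0.5 192.168.1.4 27374 1
10.0.0.5 192.168.1.5 27374 1
10.0.0.5 192.168.1.6 27374 1
10.0.0.7 192.168.1.30 139 1
10.0.0.9 192.168.1.20 80 120
10.0.0.9 192.168.1.21 445 3
"""

def parse_flows(text):
    """Yield (src, dst, dport, packets) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, port, pkts = parts
        try:
            yield src, dst, int(port), int(pkts)
        except ValueError:
            continue  # non-numeric port or count: ignore the record

def count_watched(flows):
    """Per source: packets sent to watched ports, and distinct targets hit."""
    pkts = defaultdict(int)
    dsts = defaultdict(set)
    for src, dst, dport, n in flows:
        if dport in WATCHED_PORTS:
            pkts[src] += n
            dsts[src].add(dst)
    return pkts, dsts

def flag_sources(text, min_packets=5, min_targets=3):
    """Sources that flood a watched port or sweep many hosts on one, sorted."""
    pkts, dsts = count_watched(parse_flows(text))
    return sorted(s for s in pkts
                  if pkts[s] >= min_packets or len(dsts[s]) >= min_targets)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_FLOWS))  # ['10.0.0.5']
```

The two thresholds separate a host sweeping a subnet (many distinct targets, one packet each) from a host hammering a single machine; a legitimate host with one SMB flow, as 10.0.0.9 here, stays below both.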
