nanog mailing list archives
Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?
From: Rob Thomas <robt () cymru com>
Date: Sun, 19 Jan 2003 13:25:03 -0600 (CST)
Hi, NANOGers. ] The rest could be handled with a simple IDS (doesn't even need ] to match patterns... just count packets going to 27374 and the like) There is no "simple IDS" for OC48+ links. :) Counters are possible, though adding that many ACLs can be more than burdensome on certain code and hardware releases. Don't even mention logging. :/ While some ports are more obvious than others, there is still the question of what is in the payload of a packet that increments a counter. It may be quite benign, e.g. a SYN packet to port 80 from source port 27374. At the edge some of these things are quite possible. At aggregation and transit points, however, such suggestions don't scale. ] I keep saying ISPs would be much better off if they implement these ] filters. But not all of them agree. IMHO: less 'zombies' -> better ] service -> less support phonecalls. I agree. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
Current thread:
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?, (continued)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? John Kristoff (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Chris Adams (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? John Kristoff (Jan 19)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Rob Thomas (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Avleen Vig (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 18)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Avleen Vig (Jan 19)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Johannes Ullrich (Jan 19)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Rob Thomas (Jan 19)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Avleen Vig (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Jeff Workman (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Scott Granados (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Avleen Vig (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Vadim Antonov (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 20)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? todd glassey (Jan 21)
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Vadim Antonov (Jan 21)