nanog mailing list archives

Re: I don't need no stinking firewall!


From: Jared Mauch <jared () puck nether net>
Date: Wed, 6 Jan 2010 08:42:37 -0500


On Jan 6, 2010, at 3:12 AM, Dobbins, Roland wrote:

Wrong.  The attacker just programmatically generates semantically-valid traffic which is indistinguishable from real 
traffic, and crowds out the real traffic.

All those fancy timers and counters and what-not don't matter.

I've seen it done over and over again.  Why some folks seem to think this is theoretical or that I somehow haven't 
thought of something they think will prove to be a magic solution is really beyond me, heh.

The reality is they just have not been attacked yet, and hence have no experience in what to do about the problem...

- Jared
