nanog mailing list archives

Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?))


From: Valdis.Kletnieks () vt edu
Date: Fri, 15 Jul 2011 12:15:39 -0400

On Thu, 14 Jul 2011 23:13:03 PDT, Owen DeLong said:
On Jul 14, 2011, at 8:24 PM, Jimmy Hess wrote:
In most cases if you have a DoS attack coming from the same Layer-2
network that a router is attached to,
it would mean there was already a serious security incident that
occurred to give the attacker that special point to attack from.

That's one possibility.

The other likely possibility is that you are a University.

Nope. Unless you want to add "or you are a cable provider, or you are a DSL
provider, or you are a...." to that. (Hint - what percent of students launch DoS
attacks that cut themselves off from the net? Compare to what percent of
non-student machines out on cable and DSL are botted or pwned)

Even if you're a university with resident students, if said students are on the
same Layer-2 as anything you actually care about, you have a serious security
incident.

"Student manages to DoS the router out of the dorm and strands 3 floors of dorm
without internet" is just as interesting as "Joe Sixpack manages to DoS the
router at the cable head end and strands 3 blocks of Comcast customers without
internet", for the *exact same reasons*.  If the student is able to play more
level-2 games than Joe Sixpack can, you misdesigned your network.
