nanog mailing list archives
Re: [c-nsp] DNS amplification
From: Damian Menscher <damian () google com>
Date: Sun, 17 Mar 2013 21:18:47 -0700
On Sun, Mar 17, 2013 at 7:04 PM, Jimmy Hess <mysidia () gmail com> wrote:
> If you have a sufficiently massive number of traffic sensors, and massive data gathering infrastructure, close enough to the attacks, it may be possible to analyze the microsecond-level timing of packets, and the time sequence/order they arrive at various sensors (milliseconds delay/propagation rate of attacker nodes initiating), in order to provide a probability that spoofed packets came from certain networks.
To get microsecond-level timing, you have to be so close that you're basically just peering with everyone. And at that point you can just look to see which fibers carry spoofed packets.

Once you know an ISP hasn't implemented BCP38, what's the next step? De-peering just reduces your own visibility into the problem. What if it's a transit provider, who can be legitimately expected to route for 0/0?

Damian