nanog mailing list archives
Re: automatic rtbh trigger using flow data
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Sat, 01 Sep 2018 00:13:20 +0700
On 31 Aug 2018, at 23:53, Lotia, Pratik M wrote:
> Instead of rtbh I would suggest blocking/rate limiting common ports used in DDoS attacks.
This isn't an 'instead of', it's an 'in addition to'. And it must be done judiciously; many operators doing this have concentrated on common port-pairs observed in UDP reflection/amplification attacks.
It's important to understand that any kind of packet of any protocol/ports (if such concepts apply to the protocol in question) can be used to launch DDoS attacks.
We've many tools in the toolbox, and should use them in a situationally-appropriate manner. And when we're using techniques like QoSing down certain ports/protocols, we must err on the side of caution, lest we cause larger problems than the attacks themselves.
-----------------------------------
Roland Dobbins <rdobbins () arbor net>