nanog mailing list archives
Re: syn flood attacks from NL-based netblocks
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Mon, 19 Aug 2019 10:12:46 -0700
On Mon, Aug 19, 2019 at 4:15 AM Töma Gavrichenkov <ximaera () gmail com> wrote:
Dealing with TCP flags is a different story:
I agree these attacks can be large: the one under discussion probably exceeded 10Mpps (Gbps is the wrong metric for small-packet attacks) I agree they can cause significant outages: this style of attack played a role in the Liberia outages in 2016 My main disagreement is whether small amplification factors are noteworthy. A factor of 2 is "rounding error" and we probably shouldn't waste our time on it (eg, by designing solutions to reduce amplification factors) when we could instead be targeting the sources of spoofed traffic. I was highlighting this as a DDoS (rather than a port scan) mainly to raise awareness. This is definitely an interesting form of attack, largely for the reasons you state (it's subtle to detect and therefore harder to mitigate). But this particular "carpet-bombing" attack isn't likely to be mitigated at the network layer anyway... the load is distributed across thousands of machines which can each trivially handle the state. It's more a question of bandwidth to the provider... and if you're targeting the provider's bandwidth you'd do better to use traditional UDP amplification. Damian
Current thread:
- Re: syn flood attacks from NL-based netblocks, (continued)
- Re: syn flood attacks from NL-based netblocks Amir Herzberg (Aug 17)
- Re: syn flood attacks from NL-based netblocks Damian Menscher via NANOG (Aug 17)
- Re: syn flood attacks from NL-based netblocks Amir Herzberg (Aug 17)
- Re: syn flood attacks from NL-based netblocks Amir Herzberg (Aug 17)
- Re: syn flood attacks from NL-based netblocks Jim Shankland (Aug 17)
- Re: syn flood attacks from NL-based netblocks Mike (Aug 17)
- Re: syn flood attacks from NL-based netblocks Amir Herzberg (Aug 18)
- Re: syn flood attacks from NL-based netblocks Mike (Aug 18)
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Damian Menscher via NANOG (Aug 18)
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Damian Menscher via NANOG (Aug 19)
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Valdis Klētnieks (Aug 19)
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Valdis Klētnieks (Aug 19)
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Amir Herzberg (Aug 18)
- Message not available
- Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
- Re: syn flood attacks from NL-based netblocks Florian Brandstetter (Aug 20)