nanog mailing list archives

Re: syn flood attacks from NL-based netblocks

From: Töma Gavrichenkov <ximaera () gmail com>
Date: Mon, 19 Aug 2019 22:05:30 +0300

On Mon, Aug 19, 2019, 9:24 PM Florian Brandstetter <florianb () squareflow net>
wrote:

Load balancing is done on Layer 4 or Layer 3 when routing, so your
ingress connection will have the same hash as the outgoing connection
(unless the source port of the connection changes on the ACK - which it
really should not).


If the hash is symmetric, yes.  No wonder topology issues would have more
impact, my point was that there are also other things to look at here.

--
Töma

Current thread:

Re: syn flood attacks from NL-based netblocks, (continued)
- - - Re: syn flood attacks from NL-based netblocks Mike (Aug 18)
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Damian Menscher via NANOG (Aug 18)
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Damian Menscher via NANOG (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Valdis Klētnieks (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Valdis Klētnieks (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Message not available
    - Re: syn flood attacks from NL-based netblocks Töma Gavrichenkov (Aug 19)
    - Re: syn flood attacks from NL-based netblocks Florian Brandstetter (Aug 20)
- Re: syn flood attacks from NL-based netblocks Jakob Heitz (jheitz) via NANOG (Aug 20)