nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP-AMP DDoS Attack - Fake abuse reports problem

From: Tom Beecher <beecher () beecher cc>
Date: Fri, 21 Feb 2020 11:20:36 -0500
It is spoofing, but it is also absolutely amplification. Look at the preso
that Damien linked :
https://www.usenix.org/conference/woot14/workshop-program/presentation/kuhrer

Hope that this doesn't become one of the 'services' that you provide! :)

On Thu, Feb 20, 2020 at 6:40 PM Jean | ddostest.me via NANOG <
nanog () nanog org> wrote:


It doesn't sound to be a real amplification.. If it is, can anyone provide
the amplification factor? 1x?

It sounds more like a TCP spoofing.

Jean
On 2020-02-20 18:22, Töma Gavrichenkov wrote:

Peace,

On Fri, Feb 21, 2020, 1:57 AM Filip Hruska <fhr () fhrnet eu> wrote:


[..] OVH has been offering DDOS protection capable of soaking up hundreds
of gigabits+ per second as a standard with all their services for a long
time


They only do it for common trivial vectors like UDP-based amplification —
and other types easily handleable through flowspec.

Which is honestly not their fault because they try to keep their costs
down.  (Other means to keep the costs down may be of concern of Ronald G.
though, but that's a different story.)

However, TCP amplification is not of that sort.

--
Töma
Previous By Date Next
Previous By Thread Next

Current thread: