Home page logo

nanog logo nanog mailing list archives

RE: Upsurge in attacks?
From: "David Schwartz" <davids () webmaster com>
Date: Tue, 4 Sep 2001 20:24:03 -0700

On Tue, 4 Sep 2001, Chris Rapier wrote:

Note: We only really start to give a damn when attacks start to suck up
more than 20Mbps on its own. Anything less than that is either not worth
the hassle or gets lost in the noise. Our position as a GigaPOP
eliminates a few potential areas of concern.

That's nice to know.  So, If we see <20Mb/s attack from psc.edu, to get
your attention and make sure you give a damn about the initial problem, we
should counter-attack with 50-60Mb/s or so?  Is that the official stance
of psc.edu?

        I hope he was talking about attacks on him (inbound to him) rather than
attacks originating on his network. However, if you ignore a 20Mbps attack,
you may wind up launching your own 20Mbps attack unwittingly.

        For example, if someone sends you spoofed TCP SYN packets, you may respond
with an equal number of ICMP unreachable packets, flooding an innocent
victim. So you generally cannot ignore 'small' floods, even if they're not
harming you. At least, that is, if you care about who you hurt.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]