nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions
From: "Christopher L. Morrow" <chris () UU NET>
Date: Tue, 5 Aug 2003 19:02:02 +0000 (GMT)

On Tue, 5 Aug 2003, Christopher L. Morrow wrote:

Spoofed packets are harder to trace to the source than non-spoofed
packets. Knowing where a malicious packet is very important to the

this is patently incorrect: www.secsup.org/Tracking/ has some information
you might want to review. Tracking spoofed attacks is in fact EASIER than
non-spoofed attacks, especially if your network has a large 'edge'.

Errr... you don't need to _track_ non-spoofed attacks - you _know_ where
the source is.  Instead of going box to box back to the source (most
likely across several providers) you can immediately go to _their_

so long as you are sure they aren't spoofed, yes. The point I mis-made was
that tracking the spoofed attacks back to your edge is quicker since in
many cases the non-spoofed attacks come from 'everywhere' so blocking
traffic becomes a null route very quickly :( (unless the upstreams from
your edge device can absorb the load and the protocol/ports being flooded
are not critical to the business of the box being hammered).
