Home page logo

nanog logo nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions
From: Rob Thomas <robt () cymru com>
Date: Tue, 5 Aug 2003 22:33:50 -0500 (CDT)

Hi, NANOGers.

] leaving the spoofing option open for future generations of attacks,
] rather than having a witch-hunt and tracking down and upgrading every
] insecure edge, is just about the worst thing we could do.

When I first looked at this problem back in March 2001, I did a
study of one often attacked web site.  The data showed that 66.85%
of all the source addresses hitting the site were *obvious* bogons,
e.g. RFC1918, unallocated prefixes, etc.  That is 66.85% of all
naughty packets that this site never should have received.  What
was the total percentage of spoofed source packets?  That was
anyone's guess.

You can see this in a presentation I did entitled "60 Days of Basic


Since then things have changed in many ways, but the mitigation of
spoofing, be it bogon or otherwise, is an improvement.  It takes
another tool out of their toolbox.  We win this battle by degrees.

Rob Thomas
ASSERT(coffee != empty);

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]