Home page logo

nanog logo nanog mailing list archives

Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Sun, 5 Feb 2012 20:50:23 -0500

2012/2/5 Dobbins, Roland <rdobbins () arbor net>

On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote:

Source RTBH often falls victim to rapidly changing or spoofed source

S/RTBH can be rapidly shifted in order to deal with changing purported
source IPs, and it isn't limited to /32s.  It's widely supported on Cisco
and Juniper gear (flowspec is a better choice on Juniper gear).

I was referring to support from ISP's not from hardware vendors.

If folks don't want to read the presos or search through the archives,
that's fine, of course.  The fact is that there are quite a few things that
operators can and should do in order to mitigate DDoS attacks; and making
the perfect the enemy of the merely good only helps the attackers, doesn't

Yes but assuming everything discussed at a conference is instantly adopted
by the entire industry gives one false hope no?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]