Home page logo

nanog logo nanog mailing list archives

Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Wed, 8 Feb 2012 04:12:21 -0500

It works in theory, but to get every ISP and hosting provider to ACL their
edges and maintain those ACL's for every customer no matter how large might
be a bit difficult.  Also, what about non-BGP customers or customers that
just accept a default route? Or even customers that just want return
traffic to come in a different link for some reason.  ISP's would suddenly
become giant traffic registries.

2012/2/8 George Bonser <gbonser () seven com>

From: Keegan Holley

How do you stop it?

A provider knows what destination IP traffic they route TO a customer,
don't they?  That should be the only source IPs they accept FROM a customer.

If you don't route it TO the customer, you shouldn't accept it FROM the
customer unless you have made special arrangements with them and verified
they are entitled to source the traffic from the desired IPs.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]