Home page logo

nanog logo nanog mailing list archives

Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Wed, 8 Feb 2012 10:53:16 -0500

2012/2/8 Dobbins, Roland <rdobbins () arbor net>

On Feb 8, 2012, at 8:07 PM, bas wrote:

As far as I see it S/RTBH is in no way a solution against smart
attackers, of course it does help against all the kiddie attacks out

Once again, I've used S/RTBH myself and helped others use it many, many
times, including to defend against attacks with shifting purported source
IPs.  flowspec, IDMS and other tools are very useful as well, but S/RTBH is
supported on a lot of hardware, if operators choose to configure it.

It is not a panacea.  It is one tool in the toolbox.

Folks can either choose to make use of it or choose not to do so; it is
operationally proven, it does work, and it's certainly better than nothing.

I agree.  I think RTBH is a broadsword not a scalpel.  It's a tool in the
tool box and there is a danger of dropping legitimate traffic with both
S/RTBH and D/RTBH.  BGP isn't a security protocol.  It's not even that
great of a routing protocol.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]