Home page logo
/

nanog logo nanog mailing list archives

RE: UDP port 80 DDoS attack
From: Drew Weaver <drew.weaver () thenap com>
Date: Wed, 8 Feb 2012 14:23:27 -0500

Stop paying transit providers for delivering spoofed packets to the edge of your network and they will very quickly 
develop methods of proving that the traffic isn't spoofed, or block it altogether. =)

-Drew


-----Original Message-----
From: George Bonser [mailto:gbonser () seven com] 
Sent: Wednesday, February 08, 2012 1:27 PM
To: bas; nanog
Subject: RE: UDP port 80 DDoS attack

77% of all networks seem to think so.
http://spoofer.csail.mit.edu/summary.php

And it would be the remaining 23% that really need to understand how difficult they are making life for the rest of the 
Internet.

However the remaining networks allow spoofed traffic to egress their 
networks.

When that traffic enters my network, I have no method whatsoever to 
differentiate it from any other traffic.

I'm not really thinking about traffic coming from the Internet.  I'm thinking about its originating location.  Correct, 
once it gets into the Internet, you really have no way to tell.

I could ask my upstream where they see it coming from, which will be 
quite hard if they do not have pretty fancy systems.

At that point the game is really hard, agreed.  And if it is distributed, it could be coming from any number of places 
or from every single one of their upstreams.


But if they receive it from a peer, I am as good as lost in trying to 
find the culprit.

Agreed.  That's why it is important to stop it at the source.

Bas



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]