mailing list archives
Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Thu, 9 Feb 2012 23:21:48 -0500
2012/2/8 Steve Bertrand <steve.bertrand () gmail com>
On 2012.02.08 14:23, Drew Weaver wrote:
Stop paying transit providers for delivering spoofed packets to the edge
of your network and they will very quickly develop methods of proving that
the traffic isn't spoofed, or block it altogether. =)
I firmly believe in this recourse, amongst others...
How do you tell the spoofed packets from the non-spoofed ones? Especially
if you have more than one provider.
If you know that your provider allows spoofed traffic, let the community
know about it.
According to a company wide NDA I'm only allowed to disclose that to the
best of my knowledge my upstreams permits packets sent from users or other
NSP's who may or may not permit or generate packets. The source IP
addresses are checked to be valid 32 bit numbers before being sent to my
routers. My upstreams to the best of their knowledge have never sent me a
single spoofed packet and will refrain from doing so unless they receive
written consent from me, in triplicate. ;)
In all aspects of life, a problem must be 'fixed' at the source. All of
the small-medium size ops have to connect to the big-boys somewhere, and
what I've seen in this industry is that the big-boys are generally
As long as compliant means completely indifferent to your concerns and
unwilling to change or compromise in any meaningful while sucking money
away faster than the government. They are all very very compliant and a
pleasure to do business with.