nanog mailing list archives

RE: DDOS anecdotes

From: Bohdan Tashchuk <tashchuk () easystreet com>
Date: Sat, 23 Jun 2001 16:11:56 -0700

So what do we do about it? There are 10th of thousands of "0wned" machines
out there. 10.000 machines sending one SYN per second to somewhere
constitutes a 6mbit SYN flood that'll make almost any web server get into
trouble. 10 SYNs per second and we're really talking traffic here. From
spoofed sources because ISPs do not source address filter? Gah. Basically
untraceable.


Wouldn't it be poetic justice if/when these "Owned" Windoze machines
turn their attentions to www.microsoft.com?

That would get Microsoft's attention. I don't care how big their pipes
or how widely distributed their servers. A DDOS like this would be
devastating.

Current thread:

Re: Few questions to the american ISPs [Re: DDOS anecdotes], (continued)
- - - Re: Few questions to the american ISPs [Re: DDOS anecdotes] Mikael Abrahamsson (Jun 24)
    - Re: Few questions to the american ISPs [Re: DDOS anecdotes] Steven J. Sobol (Jun 24)
    - Re: Few questions to the american ISPs [Re: DDOS anecdotes] Alexei Roudnev (Jun 23)
    - Re: more on IP source filtering... RJ Atkinson (Jun 23)
    - Re: anti-spoofing filters RJ Atkinson (Jun 23)
- RE: DDOS anecdotes Tim Devries (Jun 23)
  - RE: DDOS anecdotes Vivien M. (Jun 23)
- RE: DDOS anecdotes Tim Devries (Jun 23)
  - RE: DDOS anecdotes Mikael Abrahamsson (Jun 23)
- RE: DDOS anecdotes Tim Devries (Jun 23)
- RE: DDOS anecdotes Bohdan Tashchuk (Jun 23)
  - Re: DDOS anecdotes Valdis . Kletnieks (Jun 24)