[120929] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Jan 6 08:43:13 2010
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <39147642-D10A-4352-BDCC-9291D4BCEAAC@arbor.net>
Date: Wed, 6 Jan 2010 08:42:37 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 6, 2010, at 3:12 AM, Dobbins, Roland wrote:
> Wrong. The attacker just programmatically generates semantically-valid traffic which is indistinguishable from real traffic, and crowds out the real traffic.
>
> All those fancy timers and counters and what-not don't matter.
>
> I've seen it done over and over again. Why some folks seem to think this is theoretical or that I somehow haven't thought of something they think will prove to be a magic solution is really beyond me, heh.
The reality is they just have not been attacked yet, and hence have no experience in what to do about the problem...
- Jared