[142863] in North American Network Operators' Group
Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was:
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jul 15 12:17:35 2011
To: Owen DeLong <owen@delong.com>
In-Reply-To: Your message of "Thu, 14 Jul 2011 23:13:03 PDT."
<81C4F91A-ED76-4810-BA15-1E60C7886956@delong.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 15 Jul 2011 12:15:39 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1310746539_7500P
Content-Type: text/plain; charset=us-ascii
On Thu, 14 Jul 2011 23:13:03 PDT, Owen DeLong said:
> On Jul 14, 2011, at 8:24 PM, Jimmy Hess wrote:
> > In most cases if you have a DoS attack coming from the same Layer-2
> > network that a router is attached to,
> > it would mean there was already a serious security incident that
> > occured to give the attacker that special point to attack from.
> That's one possibility.
>
> The other likely possibility is that you are a University.
Nope. Unless you want to add "or you are a cable provider, or you are a DSL
provider, or you are a...." to that. (Hint - what percent of students launch DoS
attacks that cut themselves off from the net? Compare to what percent of
non-student machines out on cable and DSL are botted or pwned)
Even if you're a university with resident students, if said students are on the
same Layer-2 as anything you actually care about, you have a serious security
incident.
"Student manages to DoS the router out of the dorm and strands 3 floors of dorm
without internet" is just as interesting as "Joe Sixpack manages to DoS the
router at the cable head end and strands 3 blocks of Comcast customers without
internet", for the *exact same reasons*. If the student is able to play more
level-2 games than Joe Sixpack can, you misdesigned your network.
--==_Exmh_1310746539_7500P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFOIGercC3lWbTT17ARAogkAKDCd5tnemB33a6aqFi27/MCYK0n5gCcCL7R
dwtE1CJvaG9ZgyJItFaz+aw=
=FuV4
-----END PGP SIGNATURE-----
--==_Exmh_1310746539_7500P--
