[149452] in North American Network Operators' Group
Re: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (Keegan Holley)
Sun Feb 5 20:12:05 2012
In-Reply-To: <3CFD7DF4-2396-4168-9B0F-9F70783CA3F4@arbor.net>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Sun, 5 Feb 2012 20:10:39 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping,
and RTBH? The first four will not work against a DDOS attack and the last
one just kills the patient so he does not infect other patients. As I said
earlier beyond traffic scrubbing offsite there isn't much defense against
DDOS.
2012/2/5 Dobbins, Roland <rdobbins@arbor.net>
>
> On Feb 6, 2012, at 7:21 AM, Keegan Holley wrote:
>
> > There aren't very many ways to combat DDOS.
>
> Start with the various infrastructure/host/service BCPs, and S/RTBH, as
> outlined in this preso:
>
> <https://files.me.com/roland.dobbins/dweagy>
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>
> The basis of optimism is sheer terror.
>
> -- Oscar Wilde
>
>
>
>
