[149459] in North American Network Operators' Group
Re: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Feb 5 20:44:45 2012
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG Group <nanog@nanog.org>
Date: Mon, 6 Feb 2012 01:43:52 +0000
In-Reply-To: <CABO8Q6QuoU6=0YfaLH_ZcMHwN-hOcWSJhQ1nZXJEFRiRonsJBA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote:
> Source RTBH often falls victim to rapidly changing or spoofed source IP"s=
.=20
S/RTBH can be rapidly shifted in order to deal with changing purported sour=
ce IPs, and it isn't limited to /32s. It's widely supported on Cisco and J=
uniper gear (flowspec is a better choice on Juniper gear).
If folks don't want to read the presos or search through the archives, that=
's fine, of course. The fact is that there are quite a few things that ope=
rators can and should do in order to mitigate DDoS attacks; and making the =
perfect the enemy of the merely good only helps the attackers, doesn't it?
;>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
