[149461] in North American Network Operators' Group


Re: UDP port 80 DDoS attack

daemon@ATHENA.MIT.EDU (Keegan Holley)
Sun Feb 5 20:51:54 2012

In-Reply-To: <B8DFDDB0-CDDE-403E-A782-CCBECE248FB0@arbor.net>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Sun, 5 Feb 2012 20:50:23 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

2012/2/5 Dobbins, Roland <rdobbins@arbor.net>

>
> On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote:
>
> > Source RTBH often falls victim to rapidly changing or spoofed source
> > IP's.
>
> S/RTBH can be rapidly shifted in order to deal with changing purported
> source IPs, and it isn't limited to /32s.  It's widely supported on Cisco
> and Juniper gear (flowspec is a better choice on Juniper gear).
>
I was referring to support from ISP's not from hardware vendors.

> If folks don't want to read the presos or search through the archives,
> that's fine, of course.  The fact is that there are quite a few things that
> operators can and should do in order to mitigate DDoS attacks; and making
> the perfect the enemy of the merely good only helps the attackers, doesn't
> it?

Yes but assuming everything discussed at a conference is instantly adopted
by the entire industry gives one false hope no?
