[149557] in North American Network Operators' Group
Re: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (bas)
Wed Feb 8 08:04:15 2012
In-Reply-To: <596B74B410EE6B4CA8A30C3AF1A155EA09CBCE53@RWC-MBX1.corp.seven.com>
Date: Wed, 8 Feb 2012 14:03:19 +0100
From: bas <kilobit@gmail.com>
To: George Bonser <gbonser@seven.com>, nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 8, 2012 at 10:56 AM, George Bonser <gbonser@seven.com> wrote:
> I'll put it another way. Any provider that does not police their customer traffic has no business whining about DoS problems.
Most of us prevent their customers from sending out spoofed traffic.
77% of all networks seem to think so.
http://spoofer.csail.mit.edu/summary.php
However the remaining networks allow spoofed traffic to egress their networks.
When that traffic enters my network, I have no method whatsoever to
differentiate it from any other traffic.
I could ask my upstream where they see it coming from, which will be
quite hard if they do not have pretty fancy systems.
But if they receive it from a peer, I am as good as lost in trying to
find the culprit.
Bas
