[149558] in North American Network Operators' Group
Re: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (bas)
Wed Feb 8 08:08:15 2012
In-Reply-To: <367B263E-3E18-48C6-829F-1F8C84FFFAEF@arbor.net>
Date: Wed, 8 Feb 2012 14:07:19 +0100
From: bas <kilobit@gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 8, 2012 at 9:29 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:
>
> On Feb 8, 2012, at 2:56 PM, bas wrote:
>
>> The big drawback with S/RTBH is that it is a DoS method in itself.
>
> I'm not an advocate of *automated* S/RTBH, and I am an advocate of whitelisting various well-known 'golden networks/IPs'
So I would need to find out which networks you would have classified
as "golden" and use those as sources for my DDoS.
Either I can achieve DoS with S/RTBH, or I can abuse the "golden
networks" to circumvent S/RTBH.
As far as I see it S/RTBH is in no way a solution against smart
attackers, of course it does help against all the kiddie attacks out
there.
Bas
