[169297] in North American Network Operators' Group
Re: NTP DRDos Blog post
daemon@ATHENA.MIT.EDU (John)
Thu Feb 20 14:38:53 2014
Date: Thu, 20 Feb 2014 11:37:57 -0800
From: John <jw@nuclearfallout.net>
To: nanog@nanog.org
In-Reply-To: <DDAED3BB-FDF0-404C-B11B-9D60EDF72C11@puck.nether.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/20/2014 9:17 AM, Jared Mauch wrote:
> I'll split the difference, folks in operational security dislike the term as they
> feel it's inaccurate. They tend to think it's marketing vs operational related.
>
> Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new
> term. It's the same problem folks have with absolute terms like "Unlimited Data"
> with the asterisk.
>
> Can I direct the knife-fights about that part off-list? :) (and preferably exclude me,
> i get enough email).
This is not a new term (certainly >12yo) and one that I see as useful,
just as it is useful to differentiate between a DoS and a DDoS. That
extra "D" tells you that it's "distributed". Add an "R" and now it's
"reflected" -- an important difference.
If it's seen as being recently co-opted and misused by marketing people,
then that's a shame. But its practicality trumps that in my eyes. And I
am definitely on the operational security side here.
I do generally prefer "X reflection/amplification attack", as Roland
suggested, as it is more specific.
-John
