[174118] in North American Network Operators' Group
Re: where to go to understand DDoS attack vector
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Tue Aug 26 09:05:29 2014
X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <53FC7B1F.9040409@meetinghouse.net>
Date: Tue, 26 Aug 2014 20:05:10 +0700
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Aug 26, 2014, at 7:18 PM, Miles Fidelman <mfidelman@meetinghouse.net> =
wrote:
> Can you say a bit more about what I might look for in trying to track =
this down?
Fuzz your IPMI boards?
;>
My guess is that this is going to come to light sooner rather than =
later. We're getting reports of other DDoS attacks which seem to match =
this scenario involving IPMI boards.
There's no real reason to try and track it down, from an operational =
standpoint, is there> Management-plane things like IMPI boards =
shouldn't be open to the general Internet; put them behind ACLs and use =
a VPN. Problem solved.
----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laoco=F6n
