[177329] in North American Network Operators' Group

Re: DDOS solution recommendation

daemon@ATHENA.MIT.EDU (Brandon Ross)
Mon Jan 12 15:17:54 2015

X-Original-To: nanog@nanog.org
Date: Mon, 12 Jan 2015 15:17:36 -0500 (EST)
From: Brandon Ross <bross@pobox.com>
To: Mike Hammett <nanog@ics-il.net>
In-Reply-To: <24459190.3096.1421011316528.JavaMail.mhammett@ThunderFuck>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Sun, 11 Jan 2015, Mike Hammett wrote:

> I know that UDP can be spoofed, but it's not likely that the SSH, mail, 
> etc. login attempts, web page hits, etc. would be spoofed as they'd have 
> to know the response to be of any good.

Okay, so I'm curious.  Are you saying that you do not automatically block 
attackers until you can confirm a 3-way TCP handshake has been completed, 
and therefore you aren't blocking sources that were spoofed?  If so, 
how are you protecting yourself against SYN attacks?  If not, then you've 
made it quite easy for attackers to deny any source they want.

-- 
Brandon Ross                                      Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                                ICQ:  2269442
                                                          Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross
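
The trade-off raised in this message, as an added example that is not part of the original post: a block-list decision run over constructed events, comparing a policy that counts any packet from a source with one that counts only failures seen after a completed 3-way handshake. The event names, the addresses (documentation ranges), the `conn` helper and the threshold are assumptions made for the illustration.

```python
from collections import Counter

def conn(src, outcome):
    """One full TCP connection from src (constructed event sequence)."""
    return [(src, "SYN"), (src, "ESTABLISHED"), (src, outcome)]

# Constructed sample events, not real traffic.
EVENTS = (
    # Bare SYNs carrying a forged source: the handshake never completes,
    # so nothing proves 198.51.100.7 sent them.
    [("198.51.100.7", "SYN")] * 5
    # A source that really connects and fails to log in four times.
    + conn("203.0.113.9", "AUTH_FAIL") * 4
    # A legitimate user: one typo, then a successful login.
    + conn("192.0.2.25", "AUTH_FAIL") + conn("192.0.2.25", "AUTH_OK")
)

def sources_to_block(events, threshold, require_handshake):
    """Return the set of source addresses the policy would block.

    require_handshake=True  counts only AUTH_FAIL events from sources that
                            completed a 3-way handshake (address is verified).
    require_handshake=False additionally counts every bare SYN, so a forged
                            source address can be pushed over the threshold.
    """
    established = set()   # sources that have completed a handshake
    hits = Counter()      # per-source count of events held against it
    for src, kind in events:
        if kind == "ESTABLISHED":
            established.add(src)
        elif kind == "AUTH_FAIL" and src in established:
            hits[src] += 1
        elif kind == "SYN" and not require_handshake:
            hits[src] += 1
    return {src for src, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    # Handshake-verified policy: only the real brute-force source is blocked.
    print(sorted(sources_to_block(EVENTS, 4, require_handshake=True)))
    # Per-packet policy: the forged address is blocked as well.
    print(sorted(sources_to_block(EVENTS, 4, require_handshake=False)))
```

The handshake-verified policy never blocks the forged address, which also means it does nothing about the SYN flood itself; that needs a mechanism that does not key on the source address.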
