[182855] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: GoDaddy : DDoS : : Contact

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Aug 3 08:51:32 2015

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Mon, 03 Aug 2015 19:51:23 +0700
In-Reply-To: <C5936B5A-552D-4067-8F24-01B1B6909DDD@beckman.org>
Errors-To: nanog-bounces@nanog.org

On 3 Aug 2015, at 19:40, Mel Beckman wrote:

> What would be the point of spoofing the source IPs to be identical? 
> You're just making the attack trivial to block.

Attackers do strange things all the time.

Most endpoint organizations don't have any way to detect/classify DDoS 
traffic, so they've no idea how to block it.

Plus, it can asymmetrically strain load-balanced server instances, 
links, et. al.

Most DDoS attacks don't involve TCP and 3-way handshakes.  That isn't to 
say they aren't common, but one oughtn't to assume that having the 
ability to do so is a prerequisite for an attacker.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[182855] in North American Network Operators' Group

Re: GoDaddy : DDoS : : Contact

daemon@ATHENA.MIT.EDU (Roland Dobbins)Mon Aug 3 08:51:32 2015

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Aug 3 08:51:32 2015