[182869] in North American Network Operators' Group


Re: GoDaddy : DDoS : : Contact

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Aug 3 10:00:26 2015

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Mon, 03 Aug 2015 21:00:15 +0700
In-Reply-To: <D6E3F91B-B97C-4165-ADD9-9BDB0D0A4079@beckman.org>
Errors-To: nanog-bounces@nanog.org

On 3 Aug 2015, at 20:35, Mel Beckman wrote:

> But SYN floods are easily detected and deflected by all modern 
> firewalls. If a handshake doesn’t complete within a certain time 
> interval, the SYN is discarded.

This is incorrect.  I've seen a 20gb/sec stateful firewall taken down by 
a 3mb/sec spoofed SYN-flood due to DDoS exhaustion.  I've seen a 
10gb/sec load-balancer taken down by 60s of 6kpps of HOIC:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

> The majority I’ve seen, however, are TCP.

<https://en.wikipedia.org/wiki/Hasty_generalization>

> In any event, I think it’s not useful to misuse the term DDoS, and 
> that it refers to any attack where the source addresses are 
> distributed across the Internet, making them difficult to identify and 
> therefore block.

Again, that ship sailed long ago.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
