[193176] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Dec 22 14:01:28 2016

X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
To: NANOG <nanog@nanog.org>
Date: Fri, 23 Dec 2016 00:04:03 +0700
In-Reply-To: <CAL9Qcx6G1aSUyywyRPLrJTKTsYRoWehADfdoXaAOOCkb6GCJ7A@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org


On 22 Dec 2016, at 23:56, Tom Beecher wrote:

> What he did was send 1500 byte ICMP packets with a max TTL at an IP =

> address that is not reachable due to a routing loop.

Same here.  Here's some context I sent him:

<https://www.usenix.org/legacy/events/imc05/tech/full_papers/xia/xia_html=
/imc05-paper-128-final.html>

<http://nanog.org/meetings/nanog36/presentations/xia.pdf>

<https://youtu.be/cWF4p5EuvQk>

Note related discussion of mitigation tactics here (e.g., TTL-based =

filtering via tACLs):

<http://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.htm=
l>

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[193176] in North American Network Operators' Group

Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack

daemon@ATHENA.MIT.EDU (Roland Dobbins)Thu Dec 22 14:01:28 2016

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Dec 22 14:01:28 2016