[32042] in North American Network Operators' Group
Re: DoS attacks, NSPs unresponsiveness
daemon@ATHENA.MIT.EDU (dies)
Sat Nov 4 00:34:45 2000
Date: Sat, 4 Nov 2000 00:47:47 -0500 (EST)
From: dies <dies@pulltheplug.com>
To: John Payne <john@sackheads.org>
Cc: nanog@merit.edu
In-Reply-To: <20001103184857.B9873@haybaler.sackheads.org>
Message-ID: <Pine.BSO.4.21.0011040044420.19331-100000@dawoozie.pulltheplug.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Hmmm...
This would
> > prevent one from actually attacking from a network participating in
this
> > BGP session.
That is from my email...It stops the attack from happening...It will not
stop the attack if it is ongoing...Was there some confusion in how I
stated that?
On Fri, 3 Nov 2000, John Payne wrote:
>
> On Thu, Nov 02, 2000 at 10:29:51PM -0500, dies wrote:
> > This topic is continously covered (as you can tell) so I'm not
> > sure where to go from here. I've been looking into starting a BGP speaker
> > that announces the top 4000 smurf amplifiers from my list and the top 2000
> > from netscan, which in turn can be pushed to null0 or discard. This would
> > prevent one from actually attacking from a network participating in this
> > BGP session. I've tested it and it's working on a couple smaller ISPs as
> > we speak. My major problem is getting some Tier-1's to go for
> > it...Anyways I guess larger attacks than last Feb. will have to happen to
> > get something done? Let's hope not...
>
> Oh, do tell... how does the fact that you null route smurf amps stop those
> amps attacking you?
>
> --
> John Payne http://www.sackheads.org/jpayne/ john@sackheads.org
> http://www.sackheads.org/uce/ Fax: +44 870 0547954
> To send me mail, use the address in the From: header
>
>
