[38905] in North American Network Operators' Group
Few questions to the american ISPs [Re: DDOS anecdotes]
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Sat Jun 23 15:01:11 2001
Message-ID: <00d101c0fc16$6066be00$9eb431c6@oemcomputer>
From: "Alexei Roudnev" <alex@relcom.EU.net>
To: <nanog@merit.edu>, "Sean M. Doran" <smd@clock.org>
Date: Sat, 23 Jun 2001 11:57:37 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
It's nice story, but nothing new except XT/2000 options allowing to generate SRC
address.
But when (at last) it happen:
- use WFQ over all custiomer's links (if you have WFQ no such brute attack
succeed, it only slow you down but does not block you);
- Cisco force all IP fragments to be queued into the single WFQ query and allow
filtering of the FRAGMENTS
- any big ISP have skilled security person available. When I worked in Russia, it
took 10 - 15 minutes to contact your ISP and install such filters; for EUnet, it
took 20 minutes; for TELIA, it was the same. For any amertican ISP, it took a week
(UUnet was an exception)...
- all cable providers will have src address filters, so preventing src address
frauding.
It was discussed 5 years ago; it was discussed 2 years ago; it's discussed today.
When something change?
Alexei Roudnev
----- Original Message -----
From: "Sean M. Doran" <smd@clock.org>
To: <nanog@merit.edu>
Sent: Saturday, June 23, 2001 8:30 AM
Subject: DDOS anecdotes
>
>
> Some of you may find http://grc.com/dos/grcdos.htm
> very interesting.
>
> Sean.
>
