[39497] in North American Network Operators' Group


Re: DDOS prevention offensive.

daemon@ATHENA.MIT.EDU (Rob Thomas)
Thu Jul 12 13:04:05 2001

Date: Thu, 12 Jul 2001 12:03:43 -0500 (CDT)
From: Rob Thomas <robt@cymru.com>
To: <nanog@merit.edu>
In-Reply-To: <p05101002b773830859ea@[209.207.60.21]>
Message-ID: <ROTMAILER.0107121201030.19049-100000@bilbo.sauron.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


] Discuss the effect that widespread filtering against spoofed
] addresses would have on the current number of DDOS attacks.

I performed a statistical analysis of a collection of log files
from one oft-targeted site.  The data therein revealed that 68%
of all the naughty packets contained obviously bogon source
addresses (e.g. 127/8).

I wouldn't extrapolate this analysis to fit all sites.  I see
more than enough DoS attacks where the source is not spoofed.  I
do think such filtering would go a long way towards mitigating
DDoS attacks.

--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");
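
A sketch of the kind of log analysis the message describes, as an added example that is not part of the original post or the author's tooling: it measures what fraction of denied packets carry a bogon source address. The log format, the sample lines and every bogon block other than 127/8 are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed bogon set (the post names only 127/8). The documentation ranges are
# left out so they can stand in for routable addresses in the sample below.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample lines in a hypothetical "deny proto src:port -> dst:port" format.
SAMPLE_LOG = """\
Jul 12 11:58:01 fw deny tcp 127.0.0.1:1024 -> 192.0.2.10:80
Jul 12 11:58:01 fw deny tcp 10.1.2.3:4431 -> 192.0.2.10:80
Jul 12 11:58:02 fw deny tcp 198.51.100.7:2210 -> 192.0.2.10:80
Jul 12 11:58:02 fw deny udp 0.12.34.56:53 -> 192.0.2.10:53
Jul 12 11:58:03 fw deny tcp 203.0.113.9:3301 -> 192.0.2.10:80
Jul 12 11:58:03 fw deny tcp 240.1.1.1:1999 -> 192.0.2.10:80
Jul 12 11:58:04 fw deny udp 192.168.5.5:6000 -> 192.0.2.10:53
Jul 12 11:58:04 fw deny tcp 203.0.113.44:5120 -> 192.0.2.10:80
Jul 12 11:58:05 fw deny tcp 999.1.1.1:80 -> 192.0.2.10:80
"""

LINE_RE = re.compile(r"deny \w+ (\d+\.\d+\.\d+\.\d+):\d+ -> ")

def bogon_net(addr):
    """Return the bogon block containing addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in BOGONS if ip in n), None)

def analyse(log_text):
    """Return (packets parsed, packets with bogon source, count per block)."""
    total, per_block = 0, Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            net = bogon_net(m.group(1))
        except ValueError:  # matched the pattern but is not a valid address
            continue
        total += 1
        if net is not None:
            per_block[str(net)] += 1
    return total, sum(per_block.values()), per_block

if __name__ == "__main__":
    total, bogon, per_block = analyse(SAMPLE_LOG)
    print(f"{bogon}/{total} bogon-sourced; by block: {dict(per_block)}")
```

The per-block counts show which ingress filters would have dropped the most traffic; the remainder is traffic whose source would pass a bogon filter.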


