[39500] in North American Network Operators' Group
Re: DDOS prevention offensive.
daemon@ATHENA.MIT.EDU (Jason Slagle)
Thu Jul 12 13:19:57 2001
Date: Thu, 12 Jul 2001 13:19:26 -0400 (EDT)
From: Jason Slagle <raistlin@tacorp.net>
To: Bill Larson <blarson@compu.net>
Cc: Rob Thomas <robt@cymru.com>, nanog@merit.edu
In-Reply-To: <001101c10af6$275fb1e0$2223f8d8@compu.net>
Message-ID: <Pine.BSO.4.21.0107121318520.32038-100000@mail.tacorp.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 12 Jul 2001, Bill Larson wrote:
>
> Well to sum it up in one sentence. If you eliminate the bogus addresses, you
> can then target the actual zombie machines used to attack the site and
> eventually eliminate the risk via patching or null route them. So filtering
> bogus addresses, non-routable addresses, and the addresses, which do not
> belong to your net blocks, would serve to combat the denial of service
> attacks.
I believe the attacks in question are actually non-spoofed.
It's getting the source networks to remove the boxes that is the
problem. Most of them are .edu.
--
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ / ASCII Ribbon Campaign . Interim Team Lead - . Admin -
X - NO HTML/RTF in e-mail . Coders . wombat.dal.net
/ \ - NO Word docs in e-mail . Team Lead - Exploits . DALnet IRC Network
