[39520] in North American Network Operators' Group
RE: DDOS prevention offensive.
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Thu Jul 12 17:52:45 2001
Message-ID: <EA9368A5B1010140ADBF534E4D32C728025A15@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Jason Slagle' <raistlin@tacorp.net>,
Bill Larson <blarson@compu.net>
Cc: Rob Thomas <robt@cymru.com>, nanog@merit.edu
Date: Thu, 12 Jul 2001 14:57:29 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Jason Slagle [mailto:raistlin@tacorp.net]
> Sent: Thursday, July 12, 2001 10:19 AM
>
> On Thu, 12 Jul 2001, Bill Larson wrote:
>
> > Well to sum it up in one sentence. If you eliminate the bogus addresses, you
> > can then target the actual zombie machines used to attack the site and
> > eventually eliminate the risk via patching or null route them. So filtering
> > bogus addresses, non-routable addresses, and the addresses, which do not
> > belong to your net blocks, would serve to combat the denial of service
> > attacks.
>
>
> I believe the attacks in question are actually non-spoofed.
>
> It's getting the source networks to remove the boxes that is the
> problem. Most of them are .edu.
Aha! I knew there was a reason that I filter EDU <g>.
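
The filtering described in the quoted text above, as an added example that is not part of the original thread: it drops non-routable sources and sources that do not belong on that side of the border, then counts the inbound sources that remain, which are the real hosts left to patch or null route. The address blocks, the packet list and the function names are constructed for illustration, and the bogon list is a short sample rather than a complete one.

```python
import ipaddress
from collections import Counter

# Sample of non-routable / reserved source ranges (not a complete bogon list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

# Constructed: our own net block (documentation range used as a stand-in).
OWN_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]

def classify_source(src, own_blocks, direction):
    """Return 'bogon', 'spoofed' or 'pass' for one packet source address.

    direction is 'in' (arriving from outside) or 'out' (leaving our network).
    """
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in BOGONS):
        return "bogon"
    ours = any(addr in net for net in own_blocks)
    # Inbound packets must not claim our addresses; outbound packets must.
    if (direction == "in" and ours) or (direction == "out" and not ours):
        return "spoofed"
    return "pass"

def surviving_sources(packets, own_blocks):
    """Count inbound sources that pass the filter: hosts to report or null route."""
    return Counter(src for src, d in packets
                   if d == "in" and classify_source(src, own_blocks, d) == "pass")

# Constructed sample of (source address, direction) pairs seen at the border.
SAMPLE_PACKETS = [
    ("10.1.2.3", "in"),        # non-routable source
    ("198.51.100.7", "in"),    # outside packet claiming one of our addresses
    ("203.0.113.9", "in"),     # routable outside source
    ("203.0.113.9", "in"),
    ("203.0.113.40", "in"),
    ("203.0.113.9", "out"),    # leaving our network with a foreign source
    ("198.51.100.20", "out"),  # legitimate outbound traffic
]

if __name__ == "__main__":
    for src, d in SAMPLE_PACKETS:
        print(f"{d:>3} {src:<15} {classify_source(src, OWN_BLOCKS, d)}")
    print(surviving_sources(SAMPLE_PACKETS, OWN_BLOCKS).most_common())
```

Non-spoofed attack traffic, the case raised in the reply, passes this filter unchanged; the filter only ensures that the sources left in the count are real addresses.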