[45321] in North American Network Operators' Group
Re: distributed attack, high or not
daemon@ATHENA.MIT.EDU (Tom Sands)
Thu Jan 31 10:36:26 2002
Message-ID: <3C5966B0.5C1E809C@rackspace.com>
Date: Thu, 31 Jan 2002 09:45:52 -0600
From: Tom Sands <tsands@rackspace.com>
MIME-Version: 1.0
To: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
"Joseph T. Klein" wrote:
> I saw what appears to be a distributed attack against a single IP
> address that reached nearly 500Mbs. I was thinking that this is
> high. Are people seeing any random attacks of this magnitude?
> --
> Joseph T. Klein
> jtk@titania.net
We have seen attacks of this magnitude on a rise. Most of the attacks
however haven't been spoofed. Spoofing is not really needed when
generating an attack of this size from possibly thousands of machines,
especially when targeting only a single IP. The ability to track such
a large attack with so many sources is fairly slim. When seeing so many
random sources I wouldn't immediately assume it's spoofed.
--
Tom Sands
Chief Network Engineer
RackSpace Managed Hosting
tsands@rackspace.com
(210)892-4000
