[47818] in North American Network Operators' Group


Re: Arbor Networks DoS defense product

daemon@ATHENA.MIT.EDU (Rob Thomas)
Wed May 15 18:50:32 2002

Date: Wed, 15 May 2002 17:49:59 -0500 (CDT)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0205151528200.32573-100000@sasami.anime.net>
Message-ID: <ROTMAILER.0205151748190.17216-100000@dragon.sauron.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


Hi, Dan.

] I don't think spoofing will be a problem for the landmines. Most attacks
] (99%?) are tcp.

Hmm...  Not based on my research.  The most common attack capabilities in
the bots are ICMP and UDP flooders.  After that, IGMP.  Last, TCP.  Most
of the DoS tools contain the same attack types as the bots.

On the receiving end, upwards of 80% of all the woe I track is not TCP.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com/~robt
ASSERT(coffee != empty);


