[47819] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Dan Hollis)
Wed May 15 19:07:42 2002
Date: Wed, 15 May 2002 16:07:01 -0700 (PDT)
From: Dan Hollis <goemon@anime.net>
To: Rob Thomas <robt@cymru.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <ROTMAILER.0205151748190.17216-100000@dragon.sauron.net>
Message-ID: <Pine.LNX.4.44.0205151602170.723-100000@sasami.anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 15 May 2002, Rob Thomas wrote:
> ] I don't think spoofing will be a problem for the landmines. Most attacks
> ] (99%?) are tcp.
> Hmm... Not based on my research. The most common attack capabilities in
> the bots are ICMP and UDP flooders. After that, IGMP. Last, TCP. Most
> of the DoS tools contain the same attack types as the bots.
> On the receiving end, upwards of 80% of all the woe I track is not TCP.
You miss the point of this:
We are not landmining for DOSing.
We are landmining to make it very dangerous for attackers to scan networks
and probe hosts.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
