[52974] in North American Network Operators' Group
Re: DNS issues various
daemon@ATHENA.MIT.EDU (David G. Andersen)
Thu Oct 24 16:32:01 2002
Date: Thu, 24 Oct 2002 16:30:20 -0400
From: "David G. Andersen" <dga@lcs.mit.edu>
To: Richard A Steenbergen <ras@e-gerbil.net>
Cc: "Kelly J. Cooper" <kcooper@genuity.net>, nanog@merit.edu
Mail-Followup-To: "David G. Andersen" <dga@lcs.mit.edu>,
Richard A Steenbergen <ras@e-gerbil.net>,
"Kelly J. Cooper" <kcooper@genuity.net>, nanog@merit.edu
In-Reply-To: <20021024200718.GD587@overlord.e-gerbil.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, Oct 24, 2002 at 04:07:18PM -0400, Richard A Steenbergen mooed:
>
> We're still working on the distributed attacks, but eventually we'll come
> up with something just as effective. If it was as easy to scan for
> networks who don't spoof filter as it is to scan for networks with open
> broadcasts, I think we'd have had that problem licked too.
Are you sure?
* A smurf attack hurts the open broadcast network as much (or more)
than it does the victim. A DDoS attack from a large number
of sites need not be all that harmful to any one traffic source.
* 'no ip directed broadcast', which is becoming the default behavior
for many routers and end-systems,
vs.
'access-list 150 deny ip ... any'
'access-list 150 deny ip ... any'
...
'access-list 150 permit ip any any'
(ignoring rpf, which doesn't work for everyone).
Until the default behavior of most systems is to block spoofed packets,
it's going to remain a problem.
-Dave, whose glass is half-empty this week. :)
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
I do not accept unsolicited commercial email. Do not spam me.
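The comparison in Dave's post (a one-line `no ip directed-broadcast` default versus a per-site anti-spoofing ACL, with uRPF as the alternative that "doesn't work for everyone") can be made concrete in a few lines of Python. The block below is an added illustration, not code from the post or from NANOG; the customer prefixes, the routing table and the ACL number 150 are all constructed for the example. It renders the permit-list form of the ACL (permit the site's own sources, then deny everything), which is the mirror image of the deny-list style quoted in the post, and then simulates both that ACL and a strict reverse-path check so the asymmetric-routing failure mode of uRPF is visible.

```python
"""Illustrate why an anti-spoofing filter needs per-site knowledge while
'no ip directed-broadcast' does not, and why strict uRPF is not a universal
substitute. All prefixes, routes and interface names are constructed."""
from ipaddress import ip_address, ip_network

# Constructed: prefixes legitimately sourced behind a customer-facing interface.
# These are exactly what the 'access-list 150 ...' lines have to enumerate,
# and they differ for every site, so no vendor can ship them as a default.
CUSTOMER_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/25")]

# Constructed routing table: destination prefix -> outgoing interface.
# 203.0.113.0/24 is a multihomed peer whose traffic can arrive on either upstream.
ROUTES = {
    ip_network("0.0.0.0/0"): "upstream0",
    ip_network("192.0.2.0/24"): "cust1",
    ip_network("198.51.100.0/25"): "cust1",
    ip_network("203.0.113.0/24"): "upstream1",
}


def render_ios_acl(prefixes, number=150):
    """Emit the permit-list anti-spoof ACL in Cisco IOS syntax (wildcard masks),
    i.e. 'permit my prefixes, deny the rest'. Assumed ACL number 150."""
    lines = [
        f"access-list {number} permit ip {p.network_address} {p.hostmask} any"
        for p in prefixes
    ]
    lines.append(f"access-list {number} deny ip any any log")
    return lines


def acl_permits_source(src, allowed_prefixes):
    """Anti-spoof ACL check on an ingress interface: the source address must
    fall inside a prefix assigned behind that interface."""
    addr = ip_address(src)
    return any(addr in p for p in allowed_prefixes)


def best_route_interface(addr):
    """Longest-prefix match against the constructed routing table."""
    matches = [n for n in ROUTES if addr in n]
    return ROUTES[max(matches, key=lambda n: n.prefixlen)]


def strict_urpf_permits(src, ingress_iface):
    """Strict unicast RPF: accept only if the best route back to the source
    points out the interface the packet arrived on. Needs no per-site ACL,
    but drops legitimate traffic whenever routing is asymmetric."""
    return best_route_interface(ip_address(src)) == ingress_iface


if __name__ == "__main__":
    print("\n".join(render_ios_acl(CUSTOMER_PREFIXES)))
    # A spoofed source from the customer port is caught by both mechanisms...
    print(acl_permits_source("10.0.0.1", CUSTOMER_PREFIXES),
          strict_urpf_permits("10.0.0.1", "cust1"))
    # ...but strict uRPF also drops a legitimate multihomed peer arriving on
    # the interface that is not its best route, which is the caveat in the post.
    print(strict_urpf_permits("203.0.113.5", "upstream0"))
```

The ACL and the uRPF check agree on the easy cases (a private or foreign source arriving on the customer port is dropped by both), but only the ACL lets an operator express "this interface may source these prefixes" independently of where return traffic happens to be routed; that is the per-site configuration burden the post contrasts with a single global default.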