[54787] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (hc)
Thu Jan 16 23:59:55 2003
Date: Thu, 16 Jan 2003 23:57:06 -0500
From: hc <haesu@towardex.com>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Brad Laue <brad@brad-x.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
--------------050407080702030603000504
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
>
>Normally that's not very productive as they are mostly owned boxes that
>will be rebuilt and reowned in days :(
>
I agree, keeping track of the attacks would not be very useful nor
helpful. I bet if more ISP's would implement egress filtering on their
border routers, it'd help quite a bit. Of course, egress filters don't
solve the issue. But considering most script kiddies' intelligence level
is limited, it will help at least a bit. :-) The problem with egress
filtering is that it's mostly applicable at the end tier2+ level, not at
the backbones, which means a lot of ISP's who are oblivious on what it
is (or some cases where egress filter breaks their network setup).
-hc
--------------050407080702030603000504
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<br>
<blockquote type="cite"
cite="midPine.GSO.4.33.0301170427470.19744-100000@rampart.argfrp.us.uu.net">
<pre wrap=""><!---->
Normally that's not very productive as they are mostly owned boxes that
will be rebuilt and reowned in days :(</pre>
</blockquote>
I agree, keeping track of the attacks would not be very useful nor helpful.
I bet if more ISP's would implement egress filtering on their border routers,
it'd help quite a bit. Of course, egress filters don't solve the issue. But
considering most script kiddies' intelligence level is limited, it will help
at least a bit. :-) The problem with egress filtering is that it's mostly
applicable at the end tier2+ level, not at the backbones, which means a lot
of ISP's who are oblivious on what it is (or some cases where egress filter
breaks their network setup).<br>
<br>
-hc
</body>
</html>
--------------050407080702030603000504--
