[54788] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jan 17 00:02:58 2003
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Fri, 17 Jan 2003 04:29:07 GMT."
<Pine.GSO.4.33.0301170427470.19744-100000@rampart.argfrp.us.uu.net>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 17 Jan 2003 00:00:34 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-786221742P
Content-Type: text/plain; charset=us-ascii
On Fri, 17 Jan 2003 04:29:07 GMT, "Christopher L. Morrow" said:
>
> > How quickly is quickly? Often times as has been my recent experience
> > (part of my motivation for posting this thread) the flood is over before
> > one can get a human being on the phone.
>
> Once the call arrives and the problem is deduced it can be tracked in a
> matter of minutes, like 6-10 at the fastest...
Yes, but *YOUR* crew has a reputation for having a clue. I'm willing to
bet that "once the call arrives" is a challenge for a lot of smaller ISPs
that don't even *HAVE* a security team, and "the problem is deduced" is
a challenge for the ones that have a team that don't have a clue.
We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been
DDoS'ed for 36 hours"....
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_-786221742P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE+J43xcC3lWbTT17ARAkLBAKDlNASjrwQB6cEMHvYS6MpTzvFYrQCeLFjY
MJprdx8AE74Ag9deJPJxhTo=
=wLrV
-----END PGP SIGNATURE-----
--==_Exmh_-786221742P--
