[54794] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri Jan 17 00:25:15 2003
Date: Fri, 17 Jan 2003 05:20:59 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: hc <haesu@towardex.com>
Cc: Brad Laue <brad@brad-x.com>,
"Christopher L. Morrow" <chris@UU.NET>, <nanog@merit.edu>
In-Reply-To: <3E278EBC.2050803@towardex.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 17 Jan 2003, hc wrote:
> >
> > Good point.
> >
> > I suppose another basic but effective method of prevention would be
> > egress filtering. An increasing minority of network providers are
> > instituting it, but it doesn't seem like it will be a widespread thing
> > in the near-term.
> >
>
> Yes, but egress filtering is only effective by far. Anyone can forge the
> source to an IP address that belongs to one of the /16's a provider
> advertises.
Filter close to the end host; this limits (mostly) to the local /24 or /25
or /2(>5)...
>
> It will help of course, but really not The solution... Or is there one?
>
haha, there isn't one :( since even with no spoofing you can muster an
army of 100,000 IIS servers still scanning for Nimda :(
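The point made in the exchange above, that source-address filtering at a provider's /16 aggregate still leaves tens of thousands of forgeable sources while a filter on the customer-facing port leaves only the local /24, can be shown with a small BCP38-style filter model. This is an added example for the archive page, not code from either poster or from any vendor; the provider aggregate 198.51.0.0/16, the customer prefix 198.51.100.0/24, the interface names and the sample packets are all constructed for illustration.

```python
"""Source-address validation (BCP38 style) at two depths of a network.

Constructed example: a hypothetical provider announcing 198.51.0.0/16 with one
customer attached on 198.51.100.0/24. Nothing here is from a real network.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class SourceAddressFilter:
    """Permit a packet only if its source lies inside a prefix that legitimately
    sits behind the interface where this filter is applied."""

    def __init__(self, name, allowed_prefixes):
        self.name = name
        self.allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]

    def permits(self, pkt):
        try:
            src = ipaddress.ip_address(pkt.src)
        except ValueError:
            return False  # unparseable source address: drop it
        # An IPv6 source never matches an IPv4 prefix (and vice versa), so a
        # stray v6 packet on a v4-only port is dropped here as well.
        return any(src in net for net in self.allowed)

    def forgeable_sources(self):
        """How many distinct source addresses an attacker behind this
        interface can still forge without the filter dropping them."""
        return sum(net.num_addresses for net in self.allowed)

    def apply(self, packets):
        """Return (source, verdict) pairs for a list of packets."""
        return [(p.src, "permit" if self.permits(p) else "drop") for p in packets]


# Filter placed at the provider border, keyed to the whole /16 aggregate
# (hypothetical prefix).
AGGREGATE_FILTER = SourceAddressFilter("provider-border", ["198.51.0.0/16"])

# Same check, placed on the customer-facing port, keyed to that customer's /24
# (hypothetical prefix).
EDGE_FILTER = SourceAddressFilter("customer-port", ["198.51.100.0/24"])

# Constructed sample traffic seen arriving from the customer side.
SAMPLE_PACKETS = [
    Packet("198.51.100.10", "203.0.113.1"),  # legitimate customer host
    Packet("198.51.7.9", "203.0.113.1"),     # forged: another customer's space in the same /16
    Packet("203.0.113.77", "203.0.113.1"),   # forged: address outside the provider entirely
    Packet("2001:db8::1", "203.0.113.1"),    # forged: IPv6 source on a v4-only port
]


def forgeable_by_prefix_length(base_address, prefix_lengths):
    """Forgeable source count if the filter were keyed to the prefix of each
    given length that contains base_address (e.g. /16 vs /24 vs /25)."""
    return {
        n: ipaddress.ip_network(f"{base_address}/{n}", strict=False).num_addresses
        for n in prefix_lengths
    }


if __name__ == "__main__":
    for f in (AGGREGATE_FILTER, EDGE_FILTER):
        print(f"{f.name}: {f.forgeable_sources()} forgeable sources")
        for src, verdict in f.apply(SAMPLE_PACKETS):
            print(f"  {src:>16}  {verdict}")
    print(forgeable_by_prefix_length("198.51.100.0", [16, 24, 25, 26]))
```

Running it shows the border filter passing the forged 198.51.7.9 packet because it is inside the aggregate, while the port filter drops it; the spoofing surface falls from 65536 addresses to 256 (or 128 on a /25), which is the "limits (mostly) to the local /24 or /25" observation in plainer terms. The same logic is what an ingress ACL or strict unicast RPF check on the customer interface enforces in practice.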