[54996] in North American Network Operators' Group


Re: Is there a line of defense against Distributed Reflective attacks?

daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Thu Jan 23 09:52:52 2003

Date: Thu, 23 Jan 2003 09:51:39 -0500 (EST)
From: alex@yuriev.com
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Brad Laue <brad@brad-x.com>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.33.0301170353330.19744-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu


> Doesn't ECN depend on 'well behaved' traffic? In other words, wouldn't it
> require the hosts sending traffic to slow down? So... even if the hosts
> slowed down, 10,000 hosts still is a high traffic rate at the end point.
> :(

Yes, for ECN to work the sending host must honor the slowdown request. It
does happen transparently for most types of sockets; however, the attacker
can and will disable ECN with a single syscall.

Alex

