[54997] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Thu Jan 23 09:59:45 2003
Date: Thu, 23 Jan 2003 09:58:31 -0500 (EST)
From: alex@yuriev.com
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Brad Laue <brad@brad-x.com>, hc <haesu@towardex.com>,
nanog@merit.edu
> > > Sure, but this like all other attacks of this sort can be tracked... and
> > > so the pain is over /quickly/ provided you can track it quickly :) Also,
> > > sometimes null routes are ok.
> >
> > How quickly is quickly? Oftentimes, as has been my recent experience
> > (part of my motivation for posting this thread), the flood is over before
> > one can get a human being on the phone.
>
> Once the call arrives and the problem is deduced it can be tracked in a
> matter of minutes, like 6-10 at the fastest...
So if one wants to create a really nasty, largely untrackable problem,
one just needs to mount a set of attacks that last 3-4 minutes at a time?
This is a very bad band-aid. The solution is amazingly simple - make it
uneconomical to have unprotected networks, in the same way that it is
uneconomical for businesses that rely on the Internet for critical
communications not to have a firewall in place when purchasing business
interruption insurance.
Alex