[55007] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Michael Lamoureux)
Thu Jan 23 21:50:15 2003
To: alex@yuriev.com
Cc: "Christopher L. Morrow" <chris@UU.NET>,
Brad Laue <brad@brad-x.com>, hc <haesu@towardex.com>, nanog@merit.edu
Reply-To: lamour@UU.NET
From: Michael Lamoureux <lamour@mail.argfrp.us.uu.net>
Date: 23 Jan 2003 21:47:04 -0500
In-Reply-To: alex@yuriev.com's message of "Thu, 23 Jan 2003 09:58:31 -0500 (EST)"
Errors-To: owner-nanog-outgoing@merit.edu
"alex" == alex <alex@yuriev.com> writes:
>> > > Sure, but this like all other attacks of this sort can be
>> > > tracked... and so the pain is over /quickly/ provided you can
>> > > track it quickly :) Also, sometimes null routes are ok.
>> >
>> > How quickly is quickly? Often times as has been my recent
>> > experience (part of my motivation for posting this thread) the
>> > flood is over before one can get a human being on the phone.
>>
>> Once the call arrives and the problem is deduced it can be tracked
>> in a matter of minutes, like 6-10 at the fastest...
alex> So if one wants to create a really nasty, largely untrackable
alex> problem, one just needs to mount a set of attacks that last 3-4
alex> minutes at a time?
Sure, that's one way to make it difficult.
alex> This is a very bad band-aid. The solution is amazingly simple -
Just to be clear, the solution to WHAT is amazingly simple?
alex> make it uneconomical to have unprotected networks,
For whom to have unprotected networks? What constitutes a protected
network? How does one make it uneconomical enough?
wondering,
Michael
