[60067] in North American Network Operators' Group


Re: WANTED: ISPs with DDoS defense solutions

daemon@ATHENA.MIT.EDU (Petri Helenius)
Thu Jul 31 09:24:35 2003

From: "Petri Helenius" <pete@he.iki.fi>
To: <variable@ednet.co.uk>, "Rob Thomas" <robt@cymru.com>
Cc: "NANOG" <nanog@merit.edu>
Date: Thu, 31 Jul 2003 16:23:50 +0300
Errors-To: owner-nanog-outgoing@merit.edu



I would say that because backdoored hosts are easily available in large
quantities, spoofing does not make sense and usually alarms various systems
more quickly than packets from legitimate addresses.

Pete

----- Original Message ----- 
From: <variable@ednet.co.uk>
To: "Rob Thomas" <robt@cymru.com>
Cc: "NANOG" <nanog@merit.edu>
Sent: Thursday, July 31, 2003 4:17 PM
Subject: Re: WANTED: ISPs with DDoS defense solutions


> 
> On Wed, 30 Jul 2003, Rob Thomas wrote:
> 
> > I've tracked 1787 DDoS attacks since 01 JAN 2003.  Of that number,
> > only 32 used spoofed sources.  I rarely see spoofed attacks now.
> 
> Do you have any ideas as to why that is?  Is it due to more providers 
> doing source filtering?  It wouldn't make sense for attackers to become 
> less sophisticated unless they became more difficult to catch for other 
> reasons (e.g. botnets getting bigger).
> 
> Rich
> 
> 
