[60070] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Thu Jul 31 09:36:05 2003
Date: Thu, 31 Jul 2003 14:30:18 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Petri Helenius <pete@he.iki.fi>
Cc: variable@ednet.co.uk, Rob Thomas <robt@cymru.com>,
NANOG <nanog@merit.edu>
In-Reply-To: <00bf01c35766$fad3a180$812a40c1@PETEX31>
Errors-To: owner-nanog-outgoing@merit.edu
I take it folks havent started implementing RFC3514 yet, should solve all these
issues....
Steve
On Thu, 31 Jul 2003, Petri Helenius wrote:
>
>
> I would say that because backdoored hosts are easily available in large
> quantities, spoofing does not make sense and usually alarms various systems
> more quickly than packets from legitimate addresses.
>
> Pete
>
> ----- Original Message -----
> From: <variable@ednet.co.uk>
> To: "Rob Thomas" <robt@cymru.com>
> Cc: "NANOG" <nanog@merit.edu>
> Sent: Thursday, July 31, 2003 4:17 PM
> Subject: Re: WANTED: ISPs with DDoS defense solutions
>
>
> >
> > On Wed, 30 Jul 2003, Rob Thomas wrote:
> >
> > > I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number,
> > > only 32 used spoofed sources. I rarely see spoofed attacks now.
> >
> > Do you have any ideas as to why that is? Is it due to more providers
> > doing source filtering? It wouldn't make sense for attackers to become
> > less sophisticated unless they became more difficult to catch for other
> > reasons (e.g. botnets getting bigger).
> >
> > Rich
> >
> >
>
