[60266] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (Vadim Antonov)
Tue Aug 5 03:35:23 2003
Date: Tue, 5 Aug 2003 00:33:50 -0700 (PDT)
From: Vadim Antonov <avg@kotovnik.com>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.53.0308050405420.693@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 5 Aug 2003, Christopher L. Morrow wrote:
> > Spoofed packets are harder to trace to the source than non-spoofed
> > packets. Knowing where a malicious packet is very important to the
>
> this is patently incorrect: www.secsup.org/Tracking/ has some information
> you might want to review. Tracking spoofed attacks is infact EASIER than
> non-spoofed attacks, especially if your network has a large 'edge'.
Errr... you don't need to _track_ non-spoofed attacks - you _know_ where
the source is. Instead of going box to box back to the source (most
likely across several providers) you can immediately go to _their_
provider.
--vadim
