[63512] in North American Network Operators' Group
Re: CCO/cisco.com issues.
daemon@ATHENA.MIT.EDU (Matt)
Tue Oct 7 00:40:56 2003
Date: Mon, 06 Oct 2003 23:43:04 -0500
From: "Matt" <acheron@qwest.net>
To: nanog@merit.edu
In-Reply-To: <000e01c38c6a$ec53c200$0200000a@netsec.net>
Errors-To: owner-nanog-outgoing@merit.edu
As the bandwidth ramps up on the access side, this problem is only going
to become more and more prevalent (as if it's not already enough of a
problem). While I don't think filtering is the silver bullet, it can
certainly help at times. I think some of the larger watch sites (eg
SANS, etc.) out there have the right idea - even though reactive in
nature, almost real-time dissemination of attack vectors and trending of
methods goes a long way towards slowing down some of these attacks.
Unfortunately, these single target attacks, such as attacks on Cisco,
Ebay, Yahoo, etc. cannot be entirely thwarted if the attacker(s) is/are
determined enough. We could go down the client side discussion (you
know, the one about certain software vendors, etc.) but that topic has
already been covered in great length.
