[63544] in North American Network Operators' Group


Re: CCO/cisco.com issues.

daemon@ATHENA.MIT.EDU (Laurence F. Sheldon, Jr.)
Tue Oct 7 10:32:52 2003

Date: Tue, 07 Oct 2003 09:30:52 -0500
From: "Laurence F. Sheldon, Jr." <larrysheldon@cox.net>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Suresh Ramasubramanian <suresh@outblaze.com>,
	Terry Baranski <tbaranski@mail.com>, jlewis@lewis.org,
	'Allan Liska' <allan@allan.org>, 'Kai Schlichting' <kai@pac-rim.net>,
	nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


"Stephen J. Wilcox" wrote:

> You are making assumptions.. Cisco haven't said if the source was spoofed or not,
> as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate Windows
> boxes to not care about discovery of source.

Interesting.  I read (and just now reread) Mr. Dobbins' posting and made
the same assumptions, based on the part where he said:

   We've been handling a multi-vector DDoS - 40-byte spoofed SYN-
                                                     ~~~~~~~
   flooding towards www.cisco.com (198.133.219.25/32) as well
   as an HTTP-AUTH resource-exhaustion attack, and working these
   issues with our upstreams.

I made the assumption that if the upstreams had an interest in Cisco's
survival beyond the end-of-quarter numbers they would do something
useful.

Strange how we leap to these shaky conclusions.
