[68440] in North American Network Operators' Group

Re: Counter DoS

daemon@ATHENA.MIT.EDU (william(at)elan.net)
Thu Mar 11 17:11:18 2004

Date: Thu, 11 Mar 2004 15:16:20 -0800 (PST)
From: "william(at)elan.net" <william@elan.net>
To: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>
Cc: nanog@merit.edu
In-Reply-To: <4050E256.9090806@cox.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote:
> Petri Helenius wrote:
> 
> > Maybe there is a lesson to be learned from many RBL operators. To make 
> > sure, just send packets to the whole /24 or /16 you got an "attack" 
> > packet from.
> 
> Which RBL operators flood /24's or /16's?  What do they flood them
> with?

I think he meant that RBLs sometimes include an entire /24 in the RBL list when
only one or two IPs are at fault, and some would go even higher to include
an entire ISP allocation. This is probably talking about SPEWS and similar RBLs.

-- 
William Leibzon
Elan Networks
william@elan.net

