[68442] in North American Network Operators' Group
Re: Counter DoS
daemon@ATHENA.MIT.EDU (Laurence F. Sheldon, Jr.)
Thu Mar 11 17:22:49 2004
Date: Thu, 11 Mar 2004 16:20:44 -0600
From: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0403111513080.9972-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu
william(at)elan.net wrote:
> On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote:
>
>>Petri Helenius wrote:
>>
>>
>>>Maybe there is a lesson to be learned from many RBL operators. To make
>>>sure, just send packets to the whole /24 or /16 you got an "attack"
>>>packet from.
>>
>>Which RBL operators flood /24's or /16's? What do they flood them
>>with?
>
>
> I think he meant that RBLs sometimes include entire /24 in RBL list when
> only one or two ips are at fault and some would go even highier to include
> entire ISP allocation. This is probably talking about SPEWs and alike RBLs
I thought "RBL" was a tademark of Abovenet or MAPS or somebody.
--
Requiescas in pace o email
