|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMURF amplifier block list
>:I will concede that shutting off connectivity to a site by a large enough
>:chunk of the net should get someone to fix stuff.... But part of the
>:advantage of the MAPS RBL BGP feed is that it helps to cut down spam
>:coming into your network. A BGP feed TODAY won't block a ping
>:amplification attack aimed at your network or a downstream. All it will
>:do is prevent your customers from using the ping amplification networks to
>:launch an attack. And, if you have the appropriate anti-spoofing filters
>:in place, they shouldn't be able to attack anything other than the valid
>:source addresses you have in your outbound filter set.
MAPS RBL BGP feed blocks all traffic back to a given network, after a
spamming event. It doesn't do too much to stop an in progress event, since
it doesn't respond that quickly with updates. (part [most?] of the delay is
Vixie's investigation) Its effective because it puts a lot of pressure on
networks that hosts spammers to make sure it doesn't happen again. Thus,
it tends to reduce spam.
Likewise, a Smurf BGP feed won't stop an in-progess attack, but it will put
a lot of pressure on smurfable networks to make sure they aren't smurfable
in the future. And thats a pretty good tool, even if its not 100%
effective.
--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc [email protected]
LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
We Make IT Fly! (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|