North American Network Operators Group

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?
> *shrug* just seems like it would make more sense to block all incoming
> 'syn' packets.
> Wouldn't that be faster than inspecting the destination port against two
> separate rules?

Blocking all SYNs will break too much other stuff (Instant Messengers, games ...). I think we would be much better off if they (consumer ISPs) would block 135-139 and 445, maybe 21 and 80. The rest could be handled with a simple IDS (doesn't even need to match patterns... just count packets going to 27374 and the like).

I keep saying ISPs would be much better off if they implement these filters. But not all of them agree. IMHO: less 'zombies' -> better service -> less support phone calls.

--
--------------------------------------------------------------------
[email protected]
Collaborative Intrusion Detection
join http://www.dshield.org
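The packet counting described in the message above, as an added example that is not part of the original post: it tallies packets per source to a watched port (27374, from the post) in fixed time windows and flags sources over a threshold, and separately tallies packets to the ports the post suggests filtering (135-139 and 445). The record format, threshold, window length and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

WATCH_PORTS = {27374}                        # from the post; extend as needed
BLOCK_PORTS = set(range(135, 140)) | {445}   # ports the post suggests filtering
THRESHOLD = 3    # assumption: packets per window before a source is flagged
WINDOW = 60      # assumption: window length in seconds

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE = """\
1000 198.51.100.7 192.0.2.10 27374
1005 198.51.100.7 192.0.2.11 27374
1010 198.51.100.7 192.0.2.12 27374
1015 198.51.100.7 192.0.2.13 27374
1020 203.0.113.5 192.0.2.10 80
1030 203.0.113.9 192.0.2.20 27374
1100 203.0.113.9 192.0.2.21 27374
1040 203.0.113.5 192.0.2.10 445
not a record
"""

def parse(line):
    """Return (ts, src, dst, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[3])
    except ValueError:
        return None
    return (ts, parts[1], parts[2], dport) if 0 < dport < 65536 else None

def scan(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (alerts, filtered): alerts are (src, port, packets, distinct_dsts)."""
    counts, targets, filtered = Counter(), defaultdict(set), 0
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, dport = rec
        if dport in BLOCK_PORTS:
            filtered += 1                     # would be dropped at the edge
        elif dport in WATCH_PORTS:
            key = (src, dport, ts // window)  # fixed, non-overlapping windows
            counts[key] += 1
            targets[key].add(dst)
    alerts = sorted((k[0], k[1], n, len(targets[k]))
                    for k, n in counts.items() if n >= threshold)
    return alerts, filtered

if __name__ == "__main__":
    print(scan(SAMPLE.splitlines()))
```

No payload inspection is involved; the distinct-destination count helps separate a source sweeping many hosts from one repeatedly contacting a single address.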