North American Network Operators Group

Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow

  • From: Paul Ferguson
  • Date: Mon Feb 28 23:35:25 2000

At 11:15 PM 02/28/2000 -0500, Richard Steenbergen wrote:

>Be careful with flow when dealing with random src or random dst (for
>example, an attack which elicits a victim system to send replies to random
>destinations) attacks, or it may not help you much (as the flow cache gets
>max'd).

Just like they say about vitamin fortified cereals, "it's in there".

The flow-switching creature features have enough functionality to
trace an attacker back to its source. Yes, it's painful. Yes, it has
to be done in real-time. Yes, actually, it has been done before. No,
there is no other real way to do it.

People: Start source filtering so we can get beyond these inane
discussions.

- paul