North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Few questions to the american ISPs [Re: DDOS anecdotes]

  • From: Alexei Roudnev
  • Date: Sat Jun 23 15:04:06 2001

It's nice story, but nothing new except XT/2000 options allowing to generate SRC
address.

But when (at last) it happen:

- use WFQ over all custiomer's links (if you have WFQ no such brute attack
succeed, it only slow you down but does not block you);
- Cisco force all IP fragments to be queued into the single WFQ query and allow
filtering of the FRAGMENTS
- any big ISP have skilled security person available. When I worked in Russia, it
took 10 - 15 minutes to contact your ISP and install such filters; for EUnet, it
took 20 minutes; for TELIA, it was the same. For any amertican ISP, it took a week
(UUnet was an exception)...
- all cable providers will have src address filters, so preventing src address
frauding.

It was discussed 5 years ago; it was discussed 2 years ago; it's discussed today.
When something change?


Alexei Roudnev

----- Original Message -----
From: "Sean M. Doran" <[email protected]>
To: <[email protected]>
Sent: Saturday, June 23, 2001 8:30 AM
Subject: DDOS anecdotes


>
>
> Some of you may find http://grc.com/dos/grcdos.htm
> very interesting.
>
> Sean.
>