North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDOS prevention offensive.

  • From: Rob Thomas
  • Date: Thu Jul 12 13:06:56 2001

] Discuss the effect that wide spread filtering against spoofed
] addresses would have on the current number of DDOS attacks.

I performed a statistical analysis of a collection of log files
from one oft-targeted site.  The data therein revealed that 68%
of all the naughty packets contained obviously bogon source
addresses (e.g. 127/8).

I wouldn't extrapolate this analysis to fit all sites.  I see
more than enough DoS attacks were the source is not spoofed.  I
do think such filtering would go a long way towards mitigating
DDoS attacks.

--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");