North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDOS prevention offensive.

  • From: Bill Larson
  • Date: Thu Jul 12 13:18:24 2001

Well to sum it up in one sentence. If you eliminate the bogus addresses, you
can then target the actual zombie machines used to attack the site and
eventually eliminate the risk via patching or null route them. So filtering
bogus addresses, non-routable addresses, and the addresses, which do not
belong to your net blocks, would serve to combat the denial of service
attacks.

Bill Larson
Network Administrator, Compu-Net Enterprises
Local: (931) 920-0043
Toll free: (877) 920-1429

----- Original Message -----
From: "Rob Thomas" <[email protected]>
To: <[email protected]>
Sent: Thursday, July 12, 2001 12:03 PM
Subject: Re: DDOS prevention offensive.


>
> ] Discuss the effect that wide spread filtering against spoofed
> ] addresses would have on the current number of DDOS attacks.
>
> I performed a statistical analysis of a collection of log files
> from one oft-targeted site.  The data therein revealed that 68%
> of all the naughty packets contained obviously bogon source
> addresses (e.g. 127/8).
>
> I wouldn't extrapolate this analysis to fit all sites.  I see
> more than enough DoS attacks were the source is not spoofed.  I
> do think such filtering would go a long way towards mitigating
> DDoS attacks.
>
> --
> Rob Thomas
> http://www.cymru.com/~robt
> cmn_err(CE_PANIC, "Out of coffee...");
>