North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Upsurge in attacks?

  • From: David Schwartz
  • Date: Tue Sep 04 23:26:32 2001

> On Tue, 4 Sep 2001, Chris Rapier wrote:

> > Note: We only really start to give a damn when attacks start to suck up
> > more than 20Mbps on its own. Anything less than that is either not worth
> > the hassle or gets lost in the noise. Our position as a GigaPOP
> > eliminates a few potential areas of concern.

> That's nice to know.  So, If we see <20Mb/s attack from, to get
> your attention and make sure you give a damn about the initial problem, we
> should counter-attack with 50-60Mb/s or so?  Is that the official stance
> of

	I hope he was talking about attacks on him (inbound to him) rather than
attacks originating on his network. However, if you ignore a 20Mbps attack,
you may wind up launching your own 20Mbps attack unwittingly.

	For example, if someone sends you spoofed TCP SYN packets, you may respond
with an equal number of ICMP unreachable packets, flooding an innocent
victim. So you generally cannot ignore 'small' floods, even if they're not
harming you. At least, that is, if you care about who you hurt.