North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Arbor Networks DoS defense product

  • From: Rob Thomas
  • Date: Wed May 15 18:52:21 2002

Hi, Dan.

] I don't think spoofing will be a problem for the landmines. Most attacks
] (99%?) are tcp.

Hmm...  Not based on my research.  The most common attack capabilities in
the bots are ICMP and UDP flooders.  After that, IGMP.  Last, TCP.  Most
of the DoS tools contain the same attack types as the bots.

On the receiving end, upwards of 80% of all the woe I track is not TCP.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com/~robt
ASSERT(coffee != empty);