North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Arbor Networks DoS defense product
On Wed, 15 May 2002, Dan Hollis wrote: > > On Wed, 15 May 2002, Rob Thomas wrote: > > ] I don't think spoofing will be a problem for the landmines. Most attacks > > ] (99%?) are tcp. > > Hmm... Not based on my research. The most common attack capabilities in > > the bots are ICMP and UDP flooders. After that, IGMP. Last, TCP. Most > > of the DoS tools contain the same attack types as the bots. > > On the receiving end, upwards of 80% of all the woe I track is not TCP. > > You miss the point of this: > > We are not landmining for DOSing. > > We are landmining to make it very dangerous for attackers to scan networks > and probe hosts. > > -Dan > -- > [-] Omae no subete no kichi wa ore no mono da. [-] > > Are you now operating under the premise that scans != anything but the prelude to an attack? Sorry if I missed it earlier in the thread, but I would hate to think any legitimate scanning of a network or host would result in a false positive. Even more, I would hate to see the advocation of a hostile reaction to what, so far, is not considered a crime. PJ -- He thought of Musashi, the Sword Saint, standing in his garden more than three hundred years ago. "What is the 'Body of a rock'?" he was asked. In answer, Musashi summoned a pupil of his and bid him kill himself by slashing his abdomen with a knife. Just as the pupil was about to comply, the Master stayed his hand, saying, "That is the 'Body of a rock'." -- Eric Van Lustbader
|