|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Is there a line of defense against Distributed Reflective attacks?
On Thu, 16 Jan 2003, hc wrote: > > > > > > > >Because syn cookies are available on routing gear??? Either way syn > >cookies are not going to keep the device from sending a 'syn-ack' to the > >'originating host'. > > > > > True.. At least it will have some stop in the amount of attacks. > > It is quite unfortunate that it is impossible to control the 'ingress' > point of attack flow. Whenever there is a DoS attack, the only way to > drop it is to null route it (the method you have devised) over BGP > peering, but that knocks the victim host off the 'net... :-( > Sure, but this like all other attacks of this sort can be tracked... and so the pain is over /quickly/ provided you can track it quickly :) Also, sometimes null routes are ok.
|