North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is there a line of defense against Distributed Reflective attacks?

  • From: hc
  • Date: Fri Jan 17 00:01:41 2003


Normally that's not very productive as they are mostly owned boxes that
will be rebuilt and reowned in days :(
I agree, keeping track of the attacks would not be very useful nor helpful. I bet if more ISP's would implement egress filtering on their border routers, it'd help quite a bit. Of course, egress filters don't solve the issue. But considering most script kiddies' intelligence level is limited, it will help at least a bit. :-) The problem with egress filtering is that it's mostly applicable at the end tier2+ level, not at the backbones, which means a lot of ISP's who are oblivious on what it is (or some cases where egress filter breaks their network setup).

-hc