North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Is there a line of defense against Distributed Reflective attacks?
"alex" == alex <[email protected]> writes: >> > > Sure, but this like all other attacks of this sort can be >> > > tracked... and so the pain is over /quickly/ provided you can >> > > track it quickly :) Also, sometimes null routes are ok. >> > >> > How quickly is quickly? Often times as has been my recent >> > experience (part of my motivation for posting this thread) the >> > flood is over before one can get a human being on the phone. >> >> Once the call arrives and the problem is deduced it can be tracked >> in a matter of minutes, like 6-10 at the fastest... alex> So if one wants to create a really nasty, largely untrackable alex> problem, one just needs to mount a set of attacks that last 3-4 alex> minutes at a time? Sure, that's one way to make it difficult. alex> This is a very bad band-aid. The solution is amazingly simple - Just to be clear, the solution to WHAT is amazingly simple? alex> make it uneconomical to have unprotected networks, For whom to have unprotected networks? What constitutes a protected network? How does one make it uneconomical enough? wondering, Michael
|