North American Network Operators Group

RE: WANTED: ISPs with DDoS defense solutions

  • From: McBurnett, Jim
  • Date: Thu Jul 31 09:31:39 2003

I tend to agree here.
I have noticed so many attacks etc. coming from 
APNIC as of recent that on our corp network we have an ACL 
to block a number of APNIC blocks.
If there was a dynamic method to add null0 routes to
identified zombies, I think that would help.
I.e., security company A provides a feed (BGP etc.)
to null route zombies that it has identified.

But that opens a whole other can of worms.....


J
-----Original Message-----
From: Petri Helenius [mailto:[email protected]]
Sent: Thursday, July 31, 2003 9:24 AM
To: [email protected]; Rob Thomas
Cc: NANOG
Subject: Re: WANTED: ISPs with DDoS defense solutions




I would say that because backdoored hosts are easily available in large
quantities, spoofing does not make sense and usually alarms various systems
more quickly than packets from legitimate addresses.

Pete

----- Original Message ----- 
From: <[email protected]>
To: "Rob Thomas" <[email protected]>
Cc: "NANOG" <[email protected]>
Sent: Thursday, July 31, 2003 4:17 PM
Subject: Re: WANTED: ISPs with DDoS defense solutions


> 
> On Wed, 30 Jul 2003, Rob Thomas wrote:
> 
> > I've tracked 1787 DDoS attacks since 01 JAN 2003.  Of that number,
> > only 32 used spoofed sources.  I rarely see spoofed attacks now.
> 
> Do you have any ideas as to why that is?  Is it due to more providers 
> doing source filtering?  It wouldn't make sense for attackers to become 
> less sophisticated unless they became more difficult to catch for other 
> reasons (e.g. botnets getting bigger).
> 
> Rich
> 
>
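
An added example, not part of the original thread: one way the feed-to-null-route idea from the top message could be scripted, with guards against a bad feed. The feed format, the protected prefix, the bogon list, the route cap and the Cisco-style static `Null0` route output are all assumptions made for this illustration.

```python
import ipaddress

# Constructed sample feed (documentation and RFC 1918 addresses), not from the thread.
SAMPLE_FEED = """\
# zombie feed (constructed)
192.0.2.10
192.0.2.10
198.51.100.0/24
203.0.113.5
203.0.113.77/32
10.1.2.3
not-an-address
"""

# Assumptions: space that must never be blackholed, a bogon list, a route cap.
PROTECTED = [ipaddress.ip_network("203.0.113.0/28")]
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8",
          "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MAX_ROUTES = 1000


def build_null_routes(feed_text, protected=PROTECTED, max_routes=MAX_ROUTES):
    """Return (routes, rejected) for a feed of suspected zombie addresses."""
    hosts, rejected = set(), []
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4 or net.prefixlen != 32:
            rejected.append((entry, "not a single IPv4 host"))
        elif any(net.subnet_of(b) for b in BOGONS):
            rejected.append((entry, "bogon"))
        elif any(net.subnet_of(p) for p in protected):
            rejected.append((entry, "protected prefix"))
        else:
            hosts.add(net.network_address)  # the set removes duplicates
    if len(hosts) > max_routes:  # fail closed instead of installing a flood
        raise ValueError(f"feed has {len(hosts)} hosts, cap is {max_routes}")
    routes = [f"ip route {h} 255.255.255.255 Null0" for h in sorted(hosts)]
    return routes, rejected


if __name__ == "__main__":
    print(*build_null_routes(SAMPLE_FEED)[0], sep="\n")
```

The rejected list is worth logging on every run, since a feed that suddenly names protected space or whole prefixes is itself a signal that the feed should not be trusted.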