North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: CCO/cisco.com issues.

  • From: Laurence F. Sheldon, Jr.
  • Date: Tue Oct 07 10:34:48 2003

"Stephen J. Wilcox" wrote:

> You are making assumptions.. Cisco havent said if the source was spoofed or not,
> as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate windows
> boxes to not care about discovery of source.

Interesting.  I read (and just now reread) Mr. dobbins posting and made
the same assumptions, based on the part where he said:

   We've been handling a multi-vector DDoS - 40-byte spoofed SYN-
                                                     ~~~~~~~
   flooding towards www.cisco.com (198.133.219.25/32) as well
   as an HTTP-AUTH resource-exhaustion attack, and working these
   issues with our upstreams.

I made the assupmtion that if the upstreams had an interest in cisco's
survival beyond the end-of-quarter numbers they would do something
useful.

Strange how we leap to these shaky conclusions.