North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: WANTED: ISPs with DDoS defense solutions
> > On Tue, 5 Aug 2003, Christopher L. Morrow wrote: > > > > Spoofed packets are harder to trace to the source than non-spoofed > > > packets. Knowing where a malicious packet is very important to the > > > > this is patently incorrect: www.secsup.org/Tracking/ has some information > > you might want to review. Tracking spoofed attacks is infact EASIER than > > non-spoofed attacks, especially if your network has a large 'edge'. > > Errr... you don't need to _track_ non-spoofed attacks - you _know_ where > the source is. Instead of going box to box back to the source (most > likely across several providers) you can immediately go to _their_ > provider. so long as you are sure they aren't spoofed, yes. The point I mis-made was that tracking the spoofed attacks back to your edge is quicker since in many cases the non-spoofed attacks come from 'everywhere' so blocking traffic becomes a null route very quickly :( (unless the upstreams from your edge device can absorb the load and the protocol/ports being flooded are not critical to the business of the box being hammered.