[AusNOG] DDoS Attacks - Painful and Persistent.
Roland Dobbins
rdobbins at arbor.net
Mon Aug 10 17:27:27 EST 2009
On Aug 10, 2009, at 2:20 PM, Nick Brown wrote:
> Fair enough, you can see more and more carriers who are using
> private addresses on their links however, and sometimes implementing
> best practice isn't up there on the list when you are in a hurry.
Yes, it's a big mistake, however. The easiest and quickest way to
protect links which weren't previously protected is iACLs.
> The capture is taken from the interface of ingress from the upstream
> who had the prefix at the time. This can be further reinforced by
> looking at the information from carriers who are bringing the
> traffic into us, including one upstream carrier who had a
> significant failure of their own under the load of this attack.
Very interesting, if the packets are indeed 8K.
If I can provide additional information and/or help with interfacing
with the larger opsec community in order to get this attack squelched,
please don't hesitate to contact me offlist!
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
More information about the AusNOG
mailing list