[AusNOG] NTP reflection used for world's largest DDoS
Dobbins, Roland
rdobbins at arbor.net
Thu Feb 13 15:12:14 EST 2014
On Feb 13, 2014, at 10:55 AM, Jarryd Sullivan <Jarryd.Sullivan at area9.com.au> wrote:
> Probably a bit of a newbie question here, but what makes it so hard to mitigate such large attacks?
Sheer volume; lack of network telemetry and analysis on some networks; prevalence of open reflectors/amplifiers (DNS, ntp, chargen, SNMP, Quake3, etc.); lack of antispoofing on networks where attack sources reside; inadequate/nonexistent network access policies; gaps in BCP deployment; gaps in coordinated action amongst network operators; lack of reaction/mitigation tools on some networks; shortage of skilled opsec personnel; perceived lack of economic incentive; skillset challenges; apathy; etc.
> What methods are involved in mitigating such large attacks?
S/RTBH, flowspec, IDMS, ACLs, protocol-specific mechanisms such as RRL for DNS, etc.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
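
The "network telemetry and analysis" point in the reply above, sketched as an added example (not part of the original message and not any vendor's tooling): flow records are grouped to find a destination receiving heavy UDP traffic from many sources on a reflector service port, and the match tuple that an ACL or flowspec rule would key on is derived from it. The flow-record layout, thresholds, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic), documentation address ranges:
# (src_ip, dst_ip, ip_proto, src_port, dst_port, bytes)
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 17, 123, 40211, 9_000_000),
    ("198.51.100.11", "203.0.113.5", 17, 123, 40211, 8_500_000),
    ("198.51.100.12", "203.0.113.5", 17, 123, 51344, 9_200_000),
    ("198.51.100.13", "203.0.113.5", 17, 123, 51344, 7_800_000),
    ("192.0.2.20", "203.0.113.9", 17, 123, 123, 180),       # ordinary NTP reply
    ("192.0.2.30", "203.0.113.5", 6, 443, 55000, 40_000),   # unrelated TCP
]

# UDP service ports of reflector protocols named in the post.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 19: "chargen", 161: "snmp"}


def find_reflection_targets(flows, min_bytes=10_000_000, min_sources=3):
    """Flag destinations with heavy many-to-one UDP fan-in from a reflector port.

    min_bytes and min_sources are assumed thresholds; tune to the network.
    """
    agg = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for src, dst, proto, sport, _dport, nbytes in flows:
        # Reflected replies carry the service port as their SOURCE port.
        if proto == 17 and sport in REFLECTOR_PORTS:
            agg[(dst, sport)]["bytes"] += nbytes
            agg[(dst, sport)]["sources"].add(src)

    findings = []
    for (dst, sport), a in sorted(agg.items()):
        if a["bytes"] >= min_bytes and len(a["sources"]) >= min_sources:
            findings.append({
                "victim": dst,
                "service": REFLECTOR_PORTS[sport],
                "bytes": a["bytes"],
                "reflectors": sorted(a["sources"]),
                # Fields a filtering rule (ACL or flowspec) would match on.
                "match": {"dst": dst + "/32", "proto": 17, "src_port": sport},
            })
    return findings


if __name__ == "__main__":
    for finding in find_reflection_targets(FLOWS):
        print(finding)
```
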