[AusNOG] NTP reflection used for world's largest DDoS

Dobbins, Roland rdobbins at arbor.net
Thu Feb 13 15:12:14 EST 2014


On Feb 13, 2014, at 10:55 AM, Jarryd Sullivan <Jarryd.Sullivan at area9.com.au> wrote:

> Probably a bit of a newbie question here, but what makes it so hard to mitigate such large attacks?

Sheer volume; lack of network telemetry and analysis on some networks; prevalence of open reflectors/amplifiers (DNS, ntp, chargen, SNMP, Quake3, etc.); lack of antispoofing on networks where attack sources reside; inadequate/nonexistent network access policies; gaps in BCP deployment; gaps in coordinated action amongst network operators; lack of reaction/mitigation tools on some networks; shortage of skilled opsec personnel; perceived lack of economic incentive; skillset challenges; apathy; etc.

> What methods are involved in mitigating such large attacks?

S/RTBH, flowspec, IDMS, ACLs, protocol-specific mechanisms such as RRL for DNS, etc.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton


