nanog mailing list archives
Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Tue, 21 Jan 2003 06:38:07 +0000 (GMT)
VA> Date: Mon, 20 Jan 2003 19:59:08 -0800 (PST)
VA> From: Vadim Antonov

VA> Well, blocking TCP SYNs is not a way to block establishment
VA> of sessions between _cooperating_ hosts.

With cooperating hosts, anything goes. Hack up the IP stack, and have specially-crafted DNS queries carry the ISN. Or use GRE tunnels. Or have special ICMP Unreachable packets...

Sort of reminds me of the "email me a file" substitute for FTP that was fairly popular years ago.

VA> To really block something you need an application proxy...
VA> and then there are always ways to subvert those. Elimination
VA> of covert channels is one of the hardest problems. In any
VA> case, no sane provider will restrict traffic only to
VA> applications which can be served by its proxies.

It would be nice if all protocols were proxy-friendly without requiring proxies. Of course, that does nothing for encrypted and steganographic traffic. Is elimination of covert channels even possible? I'd say not.

One of the most useful protocols (SMTP) is virtually always proxied... rarely does anyone use end-to-end SMTP without any intervening MX. Allowing customer<-->* traffic vs. intercepting and/or logging is up to the provider. At least one then can have known flows to inspect, rather than wondering what the "push the button" vector is.

Sadly, port perversion seems very common. I've added about a dozen different ports on my home Squid cache. Any attempts to demand full RFC compliance seem futile.

It begins to sound like peering... are decisions made based on technical merit, or on not losing customers who whine because they demand to use a broken implementation?

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.