nanog mailing list archives
Re: UDP port 80 DDoS attack
From: Keegan Holley <keegan.holley () sungard com>
Date: Sun, 5 Feb 2012 22:30:20 -0500
2012/2/5 Steve Bertrand <steve.bertrand () gmail com>
> On 2012.02.05 20:37, Keegan Holley wrote:
>> 2012/2/5 Dobbins, Roland <rdobbins () arbor net>
>>> S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest you read the preso.
>>
>> Source RTBH often falls victim to rapidly changing or spoofed source IPs. It also isn't as widely supported as it should be. I never said DDOS was hopeless, there just aren't a wealth of defenses against it.
>
> This is so very easily automated. Even if you don't actually want to trigger the routes automatically, finding the sources you want to blackhole is as simple as a monitor port, tcpdump and some basic Perl.

This is still vulnerable to spoofing which could cause you to filter legitimate traffic and make the problem worse. Not saying that S/RTBH is a bad idea. RTBH is effective and a great idea just not very elegant.

> ...and as far as this not having been deployed in many ISPs (per your next message)... their mitigation strategies should be asked up front, and if they don't have any (or don't know what you speak of), find a new ISP.
You sometimes have to weigh the pros and cons. You can't always pick the guys with the coolest knobs.
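
The source triage discussed in this message (monitor port, tcpdump and a short script), sketched as an added Python example; it is not code from the thread or from any poster. The function name, threshold, sample addresses and the `never_block` list are assumptions, and the example goes slightly beyond the message by reporting how much of the traffic the candidate list would cover, which is the number that exposes the spoofed or fast-changing source case raised in the reply.

```python
import ipaddress
import re
from collections import Counter

# `tcpdump -nn` IPv4 UDP line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
UDP_LINE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length \d+")

def blackhole_candidates(lines, victim, min_packets, never_block=()):
    """Rank sources sending UDP/80 to `victim`; hypothetical helper for this example.

    Returns (candidates, share): sources at or above `min_packets` that are not
    in `never_block`, and the fraction of matching packets they account for.
    """
    protected = [ipaddress.ip_network(net) for net in never_block]
    counts = Counter()
    for line in lines:
        m = UDP_LINE.search(line)
        if m and m.group(2) == victim and m.group(3) == "80":
            counts[m.group(1)] += 1
    candidates = [
        (src, n) for src, n in counts.most_common()
        if n >= min_packets
        and not any(ipaddress.ip_address(src) in net for net in protected)
    ]
    total = sum(counts.values())
    share = sum(n for _, n in candidates) / total if total else 0.0
    return candidates, share

def _pkt(src, dport=80):
    # Constructed sample line using documentation address ranges.
    return f"22:30:20.000001 IP {src}.40000 > 203.0.113.10.{dport}: UDP, length 512"

SAMPLE = (
    [_pkt("198.51.100.7")] * 6 + [_pkt("198.51.100.9")] * 5
    + [_pkt("192.0.2.53")] * 4                               # known-good peer
    + [_pkt(f"198.51.100.{i}") for i in range(100, 105)]     # one packet each
    + [_pkt("198.51.100.7", dport=53),                       # wrong port, ignored
       "22:30:20.000002 IP 198.51.100.7.40000 > 203.0.113.10.80: Flags [S], length 0"]
)

if __name__ == "__main__":
    found, share = blackhole_candidates(SAMPLE, "203.0.113.10", 4, ["192.0.2.0/24"])
    for src, n in found:
        print(f"{src}\t{n} packets")
    # A low share means the sources are too scattered (spoofed or fast-changing)
    # for S/RTBH to remove much; the list is for review, not automatic triggering.
    print(f"candidates cover {share:.0%} of matching packets")
```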