nanog mailing list archives
Re: DDOS solution recommendation
From: Mark Andrews <marka () isc org>
Date: Mon, 12 Jan 2015 12:42:00 +1100
In message <54B31BBE.3000502 () tnetconsulting net>, Grant Taylor writes:
> On 01/11/2015 03:22 PM, Mike Hammett wrote:
> > I know that UDP can be spoofed, but it's not likely that the SSH, mail, etc. login attempts, web page hits, etc. would be spoofed as they'd have to know the response to be of any good.
>
> I encourage you to investigate "Triangular Spamming". (http://www.cs.ucr.edu/~zhiyunq/pub/oakland10_triangular_spamming.pdf) The "Triangular..." technique does specifically that, allow the attacker to "...know the responses...". In short, the bot receives the reply to the spoofed source IP and forwards information on to the attacker so that it can continue the conversation. In effect, three parties are having a one way conversation in a ring.

Just because you can only identify one of the two remotes doesn't mean that you can't report the addresses. It is involved in the communication stream.

> > There's more going on than UDP spoofing\amplification. Frankly the most damaging thing to me has been SMTP hijacking. For you to login to my SMTP server and send e-mail out, there's going to be one hell of a conversation going on.
>
> Yes, there is what appears to you to be a conversation going on. However, the source of what you are hearing is not where you think it's from.

Actually it is coming from where you think it is coming from, just not directly.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka () isc org