nanog mailing list archives

Re: DDOS solution recommendation
From: Brandon Ross <bross () pobox com>
Date: Tue, 13 Jan 2015 14:18:26 -0500 (EST)

Earlier in the thread you seemed extremely confident in your position that long term blocking of addresses that appeared as source addresses of undesirable traffic is a good thing. Why are you now avoiding answering my question with a strawman?

On Mon, 12 Jan 2015, Mike Hammett wrote:

So the preferred alternative is to simply do nothing at all? That seems fair.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
----- Original Message -----

From: "Christopher Morrow" <morrowc.lists () gmail com>
To: "Brandon Ross" <bross () pobox com>
Cc: "Mike Hammett" <nanog () ics-il net>, "NANOG list" <nanog () nanog org>
Sent: Monday, January 12, 2015 3:05:14 PM
Subject: Re: DDOS solution recommendation

On Mon, Jan 12, 2015 at 3:17 PM, Brandon Ross <bross () pobox com> wrote:
On Sun, 11 Jan 2015, Mike Hammett wrote:

I know that UDP can be spoofed, but it's not likely that the SSH, mail,
etc. login attempts, web page hits, etc. would be spoofed as they'd have to
know the response to be of any good.


Okay, so I'm curious. Are you saying that you do not automatically block
attackers until you can confirm a 3-way TCP handshake has been completed,
and therefore you aren't blocking sources that were spoofed? If so, how are
you protecting yourself against SYN attacks? If not, then you've made it
quite easy for attackers to deny any source they want.

this all seems like a fabulous conversation we're watching, but really
.. if someone wants to block large swaths of the intertubes on their
systems it's totally up to them, right? They can choose to not be
functional all they want, as near as I can tell... and arguing with
someone with this mentality isn't productive, especially after several
(10+? folk) have tried to show and tell some experience that would
lead to more cautious approaches.

If mike wants fewer packets, that's all cool... I'm not sure it's
actually solving anything, but sure, go right ahead, have fun.

-chris
--
Brandon Ross                                      Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                                ICQ:  2269442
                                                         Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross
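As an added illustration of the point Brandon raises above (this is example code written for this archive page, not code from the thread or from any NANOG participant), here is a small Python model of an auto-blocker that only treats a TCP source as blockable once it has acknowledged our ISN, i.e. completed the three-way handshake. Bare SYNs, blind ACKs and UDP datagrams prove nothing about their source address, so the model only rate-limits on those. The addresses (RFC 5737 documentation ranges), the packet records and the deterministic ISN function used for the demo are all constructed for the example; a real stack picks ISNs randomly, which is what makes the blind-ACK check meaningful.

```python
"""Block only sources that have proven they are not spoofed (added example).

A TCP peer that ACKs our ISN+1 must have received our SYN-ACK, so its
source address is almost certainly real.  A bare SYN or a UDP datagram
carries no such proof; blocking on those lets an attacker spoof whatever
address they want us to block.  Tracking is per source address for
brevity; a production implementation would track per flow.
"""
import secrets
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class Pkt:
    src: str                   # source IP as seen on the wire
    proto: str                 # "tcp" or "udp"
    flags: str = ""            # TCP flags present: "S", "A" or "SA"; "" for UDP
    ack: Optional[int] = None  # TCP acknowledgement number when "A" is set
    event: str = ""            # application-level event tied to this packet


def random_isn(_src: str) -> int:
    """Production ISN choice: unpredictable, so a blind spoofer cannot guess it."""
    return secrets.randbits(32)


def demo_isn(src: str) -> int:
    """Deterministic ISN, constructed for the example so the sample client can 'know' it."""
    return 0x1000 + sum(int(octet) for octet in src.split("."))


class SourceClassifier:
    """Tracks handshake completion and application failures per source."""

    def __init__(self, isn_for: Callable[[str], int] = random_isn, threshold: int = 3):
        self.isn_for = isn_for
        self.threshold = threshold
        self.pending: Dict[str, int] = {}                 # src -> ISN we sent in SYN-ACK
        self.confirmed: Set[str] = set()                  # sources that completed the handshake
        self.failures: Dict[str, int] = defaultdict(int)  # application failures (e.g. bad logins)
        self.unproven: Dict[str, int] = defaultdict(int)  # SYN / blind ACK / UDP noise per source

    def observe(self, p: Pkt) -> None:
        if p.proto == "tcp" and "S" in p.flags and "A" not in p.flags:
            # Client SYN: we would answer with a SYN-ACK carrying this ISN.
            self.pending[p.src] = self.isn_for(p.src)
            self.unproven[p.src] += 1
        elif p.proto == "tcp" and "A" in p.flags and "S" not in p.flags:
            if p.src not in self.confirmed:
                isn = self.pending.get(p.src)
                if isn is not None and p.ack == (isn + 1) & 0xFFFFFFFF:
                    # Correct ACK of our ISN: the source really received our SYN-ACK.
                    self.confirmed.add(p.src)
                    del self.pending[p.src]
                else:
                    # Wrong ack number or no outstanding SYN: a blind / spoofed ACK.
                    self.unproven[p.src] += 1
        elif p.proto == "udp":
            self.unproven[p.src] += 1
        if p.event == "auth-fail":
            self.failures[p.src] += 1

    def verdict(self) -> Dict[str, List[str]]:
        block = sorted(s for s, n in self.failures.items()
                       if s in self.confirmed and n >= self.threshold)
        # Unconfirmed sources only get rate-limited / SYN-cookied, never blocked.
        rate_limit = sorted(s for s, n in self.unproven.items()
                            if s not in self.confirmed and n >= self.threshold)
        return {"block": block, "rate_limit": rate_limit}


def naive_verdict(packets: List[Pkt], threshold: int = 3) -> List[str]:
    """The policy the thread warns about: block any busy source, handshake or not."""
    counts: Dict[str, int] = defaultdict(int)
    for p in packets:
        counts[p.src] += 1
    return sorted(s for s, n in counts.items() if n >= threshold)


def sample_traffic(isn_for: Callable[[str], int]) -> List[Pkt]:
    """Constructed packet records (RFC 5737 addresses); not captured traffic."""
    brute = "198.51.100.7"    # genuine brute-forcer: completes the handshake, then fails logins
    victim = "203.0.113.53"   # address an attacker spoofs as SYN source to get it blocked
    udp_src = "192.0.2.9"     # source of a UDP flood, trivially spoofable
    pkts = [Pkt(brute, "tcp", "S"),
            Pkt(brute, "tcp", "A", ack=isn_for(brute) + 1)]  # learned ISN from our SYN-ACK
    pkts += [Pkt(brute, "tcp", "A", event="auth-fail")] * 3
    pkts += [Pkt(victim, "tcp", "S")] * 4                   # spoofed SYN flood
    pkts.append(Pkt(victim, "tcp", "A", ack=12345))         # blind ACK, guessed ack number
    pkts += [Pkt(udp_src, "udp")] * 4
    return pkts


def evaluate(isn_for: Callable[[str], int] = demo_isn) -> Dict[str, object]:
    pkts = sample_traffic(isn_for)
    clf = SourceClassifier(isn_for=isn_for, threshold=3)
    for p in pkts:
        clf.observe(p)
    return {"handshake_policy": clf.verdict(), "naive_policy": naive_verdict(pkts, 3)}


if __name__ == "__main__":
    for policy, result in evaluate().items():
        print(policy, result)
```

With the constructed traffic the handshake-aware policy blocks only the brute-forcer and merely rate-limits the spoofed SYN and UDP sources, while the naive count-based policy also blocks 203.0.113.53, which is exactly the "deny any source they want" outcome described above.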