nanog mailing list archives
Re: automatic rtbh trigger using flow data
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Sun, 02 Sep 2018 10:09:32 +0700
On 1 Sep 2018, at 1:43, Hugo Slabbert wrote:
Generally on the TCP side you can try SYN or ACK floods, but you're not going to get an amplified reflection.
Actually, TCP reflection/amplification has been on the increase; the attacker is guaranteed at least 4:1 amplification in most circumstances, the number of reflectors/amplifiers is for all practical purposes infinite, and they're mostly legitimate, non-broken services/applications.
And as always, it's important to note that with all reflection/amplification attacks, the root of the issue is the lack of universal source-address validation (SAV). Without the ability to spoof, there would be no reflection/amplification attacks.
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: automatic rtbh trigger using flow data Baldur Norddahl (Sep 01)
- RE: automatic rtbh trigger using flow data Ryan Hamel (Sep 01)
- Re: automatic rtbh trigger using flow data Hugo Slabbert (Sep 01)
- RE: automatic rtbh trigger using flow data Michel Py (Sep 01)
- Re: automatic rtbh trigger using flow data Baldur Norddahl (Sep 02)
- RE: automatic rtbh trigger using flow data Ryan Hamel (Sep 02)
- Re: automatic rtbh trigger using flow data Baldur Norddahl (Sep 02)
- RE: automatic rtbh trigger using flow data Ryan Hamel (Sep 01)
- <Possible follow-ups>
- Re: automatic rtbh trigger using flow data Roland Dobbins (Sep 01)
- Re: automatic rtbh trigger using flow data Roland Dobbins (Sep 01)
- Re: automatic rtbh trigger using flow data Roland Dobbins (Sep 01)
- Re: automatic rtbh trigger using flow data Hugo Slabbert (Sep 01)
- Re: automatic rtbh trigger using flow data Paweł Małachowski (Sep 04)
- Re: automatic rtbh trigger using flow data H I Baysal (Sep 06)