Re: DDOS Attack Mitigation

From: Alan Brown (alanat_private)
Date: Mon Feb 14 2000 - 10:13:20 PST

Next message: Alexandru Popa: "Re: FireWall-1 FTP Server Vulnerability"

Previous message: Darren Reed: "Re: DDOS Attack Mitigation"
Maybe in reply to: Elias Levy: "DDOS Attack Mitigation"
Next in thread: Darren Reed: "Re: DDOS Attack Mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 13 Feb 2000, Darren Reed wrote:

> You know if anyone was of a mind to find someone at fault over this,
> I'd start pointing the finger at ISP's who haven't been doing this
> due to "performance reasons".

To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
4000), they will collapse under the load.

>  They've had the ability to do it for
> years and in doing so would seriously reduce the number and possibility
> of "spoofing" attacks.

See above. Having enough CPU available to handle spoof filtering from
dialups adds a lot to costs and most ISPs simply can't afford to pay
more in order to be able to provide that benefit. :-(

AB

Next message: Alexandru Popa: "Re: FireWall-1 FTP Server Vulnerability"
Previous message: Darren Reed: "Re: DDOS Attack Mitigation"
Maybe in reply to: Elias Levy: "DDOS Attack Mitigation"
Next in thread: Darren Reed: "Re: DDOS Attack Mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:38 PDT