From: Christopher L. Morrow (no email)
Date: Tue Aug 05 2003 - 21:36:03 EDT
On Wed, 6 Aug 2003, Paul Vixie wrote:
>
> > More and more there is less and less spoofing, it's just not required and
> > it causes more damage with less effort :( Why spoof when you have 1000
> > machines pumping 1 packet per second? (or 10)
>
> leaving the spoofing option open for future generations of attacks,
> rather than having a witch-hunt and tracking down and upgrading every
> insecure edge, is just about the worst thing we could do. because
> when an attacker wants an extra edge, they'll add spoofing to their
> attack profile, and the core's immune system will be totally unprepared.
I don't believe I ever said that the edges shouldn't filter... did I?