Re: NANOG meeting subject of attack? Hmmmm....
As Charles says, from what I've read of the CERT advisories, there is nothing proactive one can really do for these DDos attacks, besides securing machines from being hacked, correct? Also note that the link that Paul gave to the cnet story doesn't mention anything about NANOG (for those who were looking). That only came later tonight, by 8:30pm with this story: http://news.cnet/com/news/0-1005-200-1545456.html Also see CNN (as they got hit) at: http://cnnfn.com/2000/02/08/technology/yahoo/ Looks like the news organizations have picked up on the timing 'coincidence' (if it was one). Apologies if this is old news; I just didn't see any mention of it yet, and it seemed rather operational, given the nature of what happened. :) BINO On Tue, 8 Feb 2000, Charles Sprickman wrote:
On Tue, 8 Feb 2000, Christian Nielsen wrote:
On Tue, 8 Feb 2000, Paul Ferguson wrote:
I guess the only way to 'protect' against something this big would be to follow Pauls RFC and/or have big, fat pipes sitting idle.
It's my understanding that these recent attacks are DDoS attacks, which really don't need to involve any address spoofing. The MO would look similar to a smurf (many different source addresses bombarding you), but here the negligent (call the lawyers?) party with the hacked Solaris boxes running out-of-the-box configs would not be helped by said RFC, right?
This is a sad day for the internet. :(
Just a reminder that we are working in a anarchic, non-cooperative business, that's all :)
Charles
Christian
As Charles says, from what I've read of the CERT advisories, there is nothing proactive one can really do for these DDos attacks, besides securing machines from being hacked, correct?
yes, that is essential. but also, what has to be done is to go to all dedicated cpe and prevent source spoofing, see RFC 2267. [ do not be distracted by the smurf etc. red herring sub-discussions ] randy
participants (2)
-
Bino Gopal -
Randy Bush