[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDOS solution recommendation

Subject: DDOS solution recommendation
From: bross at pobox.com (Brandon Ross)
Date: Mon, 12 Jan 2015 15:17:36 -0500 (EST)
In-reply-to: <24459190.3096.1421011316528.JavaMail.mhammett@ThunderFuck>
References: <24459190.3096.1421011316528.JavaMail.mhammett@ThunderFuck>

On Sun, 11 Jan 2015, Mike Hammett wrote:

> I know that UDP can be spoofed, but it's not likely that the SSH, mail, 
> etc. login attempts, web page hits, etc. would be spoofed as they'd have 
> to know the response to be of any good.

Okay, so I'm curious.  Are you saying that you do not automatically block 
attackers until you can confirm a 3-way TCP handshake has been completed, 
and therefore you aren't blocking sources that were spoofed?  If so, 
how are you protecting yourself against SYN attacks?  If not, then you've 
made it quite easy for attackers to deny any source they want.

-- 
Brandon Ross                                      Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                                ICQ:  2269442
                                                          Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross

Follow-Ups:
- DDOS solution recommendation
  - From: morrowc.lists at gmail.com (Christopher Morrow)

References:
- DDOS solution recommendation
  - From: nanog at ics-il.net (Mike Hammett)

Prev by Date: Recommended L2 switches for a new IXP
Next by Date: DDOS solution recommendation
Previous by thread: DDOS solution recommendation
Next by thread: DDOS solution recommendation
Index(es):
- Date
- Thread