UDP port 80 DDoS attack
- Subject: UDP port 80 DDoS attack
- From: steve.bertrand at gmail.com (Steve Bertrand)
- Date: Sun, 05 Feb 2012 22:08:19 -0500
- In-reply-to: <CABO8Q6QuoU6=0YfaLH_ZcMHwN-hOcWSJhQ1nZXJEFRiRonsJBA@mail.gmail.com>
- References: <7F48F1B1D2983A49AFC2A39FAC634039AE924E9CF1@miles-exch01.miles.office> <CABO8Q6TFRhXY-aLB4URW6e-iUu8Wd1z2RidOsUzr8+QrQkqmvw@mail.gmail.com> <[email protected]> <CABO8Q6S=OiE-dbw-MstMe5tDwX4Sk+qJY=pHNkB0VWgQ=tQr=Q@mail.gmail.com> <[email protected]> <CABO8Q6QuoU6=0YfaLH_ZcMHwN-hOcWSJhQ1nZXJEFRiRonsJBA@mail.gmail.com>
On 2012.02.05 20:37, Keegan Holley wrote:
> 2012/2/5 Dobbins, Roland<rdobbins at arbor.net>
>> S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest
>> you read the preso.
>>
>
> Source RTBH often falls victim to rapidly changing or spoofed source IPs.
> It also isn't as widely supported as it should be. I never said DDOS was
> hopeless, there just aren't a wealth of defenses against it.
This is so very easily automated. Even if you don't actually want to
trigger the routes automatically, finding the sources you want to
blackhole is as simple as a monitor port, tcpdump and some basic Perl.

...and as far as this not having been deployed in many ISPs (per your
next message)... their mitigation strategies should be asked up front,
and if they don't have any (or don't know what you speak of), find a new
ISP.
Steve
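
The monitor port, tcpdump and Perl approach described in the message above, as an added example that is not code from the original post or its author. It tallies UDP port 80 traffic per source from `tcpdump -nn` text output and lists candidates for an operator to review before any S/RTBH route is triggered; the threshold, the exempt list and the sample capture lines are all assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: rank sources of UDP/80 traffic seen on a monitor port.
# Assumed live use:
#   tcpdump -nn -l -i <monitor-if> 'udp and dst port 80' | perl udp80_sources.pl
# Run from a terminal with nothing piped in, it reads the constructed
# sample under __DATA__ instead.
use strict;
use warnings;

my $MIN_PACKETS = 3;                          # hypothetical threshold per capture window
my %EXEMPT = map { $_ => 1 } qw(192.0.2.53);  # hypothetical never-blackhole list

my (%pkts, %bytes);
my $in = -t STDIN ? \*DATA : \*STDIN;

while (my $line = <$in>) {
    # tcpdump -nn prints: "IP src.sport > dst.dport: UDP, length N"
    next unless $line =~
        /\bIP\s+(\d+\.\d+\.\d+\.\d+)\.\d+\s+>\s+\d+\.\d+\.\d+\.\d+\.80:\s+UDP,\s+length\s+(\d+)/;
    my ($src, $len) = ($1, $2);
    next if $EXEMPT{$src};      # never propose infrastructure you depend on
    $pkts{$src}++;
    $bytes{$src} += $len;
}

# Busiest sources first. This is a review list only: a per-source count
# cannot tell a real sender from a spoofed address.
for my $src (sort { $pkts{$b} <=> $pkts{$a} || $a cmp $b } keys %pkts) {
    next if $pkts{$src} < $MIN_PACKETS;
    printf "%-15s packets=%d bytes=%d\n", $src, $pkts{$src}, $bytes{$src};
}

__DATA__
12:00:00.000001 IP 198.51.100.7.53211 > 192.0.2.10.80: UDP, length 1024
12:00:00.000002 IP 198.51.100.7.53212 > 192.0.2.10.80: UDP, length 1024
12:00:00.000003 IP 203.0.113.9.40000 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
12:00:00.000004 IP 198.51.100.7.53213 > 192.0.2.10.80: UDP, length 1024
12:00:00.000005 IP 203.0.113.44.1900 > 192.0.2.10.80: UDP, length 512
12:00:00.000006 IP 192.0.2.53.53 > 192.0.2.10.80: UDP, length 90
12:00:00.000007 IP 198.51.100.7.53214 > 192.0.2.10.53: UDP, length 60
12:00:00.000008 IP 198.51.100.7.53215 > 192.0.2.10.80: UDP, length 1024
```

On the constructed sample only 198.51.100.7 crosses the threshold; the TCP SYN, the UDP/53 packet, the exempt host and the single packet from 203.0.113.44 are all left out of the list.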