Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Roland Dobbins
On 26 May 2015, at 4:27, Randy Bush wrote:

> may i remind you of the dns query flood i had which you helped research? udp and tcp, from the same sources.

Yes - we determined that the TCP-based queries were a result of RRL, which is optimized to help with spoofed reflection/amplification at

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Randy Bush
>> Application layer DDoS attacks, in most (all?) cases require a valid
>> TCP/IP connection
> DNS query-floods are a notable exception.

may i remind you of the dns query flood i had which you helped research? udp and tcp, from the same sources.

randy

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Roland Dobbins
On 25 May 2015, at 20:31, Steve via NANOG wrote:

> Application layer DDoS attacks, in most (all?) cases require a valid TCP/IP connection

DNS query-floods are a notable exception.

---
Roland Dobbins

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Steve via NANOG

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Roland Dobbins
On 25 May 2015, at 19:49, jim deleskie wrote:

> I agree, we can't even get everyone including some LARGE ( I'll avoid Tier's because people get stupid around that too) networks to filter customers based on assigned netblocks.

Customer of my customer [of my customer, of my customer . . . ]. It

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Roland Dobbins
On 25 May 2015, at 19:44, Keith Medcalf wrote:

> Whatever this trusted network initiative is, I take that it was designed by fools or government (the two are usually indistinguishable) for the purpose of creating utterly untrustworthy networks.

AFAICT, the 'Trusted Network Initiative' largel

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread jim deleskie
> networks.
>
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ramy Hashish
> > Sent: Sunday, 24 May, 2015 22:49
> > To: morrowc.li...@gmail.com; nanog@nanog.org
> > Subject: Re: [SECURITY] Application layer attacks/DDoS a

RE: [SECURITY] Application layer attacks/DDoS attacks

2015-05-25 Thread Keith Medcalf
rustworthy networks.

> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ramy Hashish
> Sent: Sunday, 24 May, 2015 22:49
> To: morrowc.li...@gmail.com; nanog@nanog.org
> Subject: Re: [SECURITY] Application layer attacks/DDoS attacks
>
> The

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-24 Thread Randy Bush
> The idea of restricting access to a certain content during an attack
> on the "trusted networks" only will make all interested ISPs be more
> "trusted"

don't the lawyers already have enough money?

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-24 Thread Ramy Hashish
The idea of restricting access to a certain content during an attack on the "trusted networks" only will make all interested ISPs be more "trusted"

Ramy

On Mon, May 25, 2015 at 5:01 AM, Christopher Morrow wrote:

> On Sat, May 23, 2015 at 9:12 PM, jim deleskie wrote:
> >> However, the trusted n

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-24 Thread Christopher Morrow
On Sat, May 23, 2015 at 9:12 PM, jim deleskie wrote:

>> However, the trusted network initiative might be a good approach to start
>> influencing operators to apply anti-spoofing mechanisms.
>>

explain how you think the 'trusted network initiative' matters in the slightest?

-chris

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread jim deleskie
While I don't think any ISP "wants DDoS" to make $$, I do based on experience believe that business cases have to be made for everything. With the prices pay for BW in most of the world now, (or the last number of years) it's going to be VERY hard to get anyone to allocate time/$$ or energy to do

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Roland Dobbins
On 24 May 2015, at 3:14, Scott Weeks wrote:

> Those that care (NANOG type folks) already have deployed it and those that don't care have not and will not.

Concur 100%.

---
Roland Dobbins

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Ramy Hashish
Yes Harlan, you are absolutely right, even if this won't stop the botnet-based DDoS attacks, but at least will significantly decrease the volume/frequency of the volume-based attacks. On the other side, the DDoS protection has now become a business where all-tiers ISPs make money off, and those ISPs is

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Scott Weeks
--- st...@ntp.org wrote:
From: Harlan Stenn

> Just to ask, what is the expected effect on DDoS attacks if folks implemented BCP38?

---

A moot point these days. After all the years it has been out (15 years: https://tools.ietf.org/html/bcp38) it can be seen

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Harlan Stenn
Just to ask, what is the expected effect on DDoS attacks if folks implemented BCP38? How does the cost of implementing BCP38 compare to the cost of other solution attempts? H

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Roland Dobbins
On 23 May 2015, at 19:56, Ramy Hashish wrote:

> I am little bit confused; aren't the application firewalls" -either integrated in a "NGFW or a UTM"- the responsible for mitigating application layer attacks?

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread jim deleskie
Too many pieces to answer on a weekend on NANOG, but those of us that work in the DDoS space the last number of years have seen huge growth in the application layer attacks. This does not mean a decrease in volumetric attack, just that now you have to worry about both and lots of each. FW's while t