[fw-wiz] re: Why blocking bogons buys you nothing
From: Mike Hoskins (mike_at_adept.org)
To: firstname.lastname@example.org
Date: Mon, 10 Nov 2003 15:44:51 -0800 (PST)
From: Mikael Olsson <email@example.com>
To: Barney Wolff <firstname.lastname@example.org>
Barney Wolff wrote:
> On Sun, Nov 09, 2003 at 07:07:10PM +0100, Mikael Olsson wrote:
> > 40-50% is not "significant" for a DDoS in my opinion. Especially
> > not if you're doing it on the wrong end of your Internet connection.
> Depends on your goal. If your goal is immunity from every DDoS, yes.
> But that goal is unattainable by any means. If your goal is to reduce
> the frequency of outages caused by DDoS, 50% is significant, because
> not every attack will come from the most powerful attacker.
50%... How long is a piece of string? Like Barney tried to point out,
50% can be a whole lot (wrt local server bandwidth).
> And not every attack will come from DDoS slaves that spoof their
> source IPs. And not all of the spoofing slaves will use completely
> random source IPs.
He didn't say they would, unlike you who tried to say something does
absolutely no good for everyone all the time. The point is, you drew some
good conclusions but tried to make it apply everywhere all the time.
That's not the way the world works, especially the networking world. What
you need to do is be intelligent and think about the pros and cons of what
you implement on your networks. What applies at one site may not apply at
another, blah blah blah. So, a good study, but one that needs to be read
with "common sense" like any other.
> I've been on the receiving end of about half a dozen DDoSes so far.
> None of them used randomized addresses.
"A grenade landed about 15 ft. from me once and I escaped unscathed...
Therefore, I let people throw grenades at me all the time."
Be as cautious as you wish with your network, and I'll do the same.
_______________________________________________
firewall-wizards mailing list
email@example.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards