[dns-operations] "Analyzing Large DDoS Attacks Using Multiple Data Sources"
wessorh at ar.com
Wed Sep 13 16:18:26 UTC 2006
The other day I bungled the routing on our spam traps and thought we
were under a tcp DDoS attack =)
David Ulevitch wrote:
> On Sep 12, 2006, at 9:40 AM, Paul Vixie wrote:
> It seems like they didn't see the same kind of attacks other folks
> " (ii) Packet rates are in the tens of thousands per second, maximum
> close to 1 million packets per second. (iii) Most attacks use TCP. "
> PPS in the 10kpps range and mostly TCP means that they are seeing old-
> style DDoS attacks -- at least that's how I interpret it.
> As for most packets not being spoofed, that's been the case for a few
> years now. It's only when the spoofing is the attack vector (as in
> the DNS amplification attack) otherwise TCP based attacks are usually
> far more advantageous and effective , from an attackers perspective.
>> (presented at sigcomm recently)
>> dns-operations mailing list
>> dns-operations at lists.oarci.net
> dns-operations mailing list
> dns-operations at lists.oarci.net
More information about the dns-operations