[dns-operations] "Analyzing Large DDoS Attacks Using Multiple Data Sources"
Rick Wesson
wessorh at ar.com
Wed Sep 13 16:18:26 UTC 2006
The other day I bungled the routing on our spam traps and thought we
were under a tcp DDoS attack =)
-rick
David Ulevitch wrote:
> On Sep 12, 2006, at 9:40 AM, Paul Vixie wrote:
>
>> http://www.research.att.com/~kobus/docs/ddos.lsad.pdf
>
> It seems like they didn't see the same kind of attacks other folks
> report.
>
> " (ii) Packet rates are in the tens of thousands per second, maximum
> close to 1 million packets per second. (iii) Most attacks use TCP. "
>
> PPS in the 10kpps range and mostly TCP means that they are seeing old-
> style DDoS attacks -- at least that's how I interpret it.
>
> As for most packets not being spoofed, that's been the case for a few
> years now. It's only when the spoofing is the attack vector (as in
> the DNS amplification attack) otherwise TCP based attacks are usually
> far more advantageous and effective , from an attackers perspective.
>
> -david
>
>
>> (presented at sigcomm recently)
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.oarci.net
>> http://lists.oarci.net/mailman/listinfo/dns-operations
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list