Linked by Thom Holwerda on Thu 28th Mar 2013 00:36 UTC, submitted by MOS6510
Internet & Networking "The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."

but personally I'd rather see ISPs, peers and exchanges add some reverse engineering to their UDP forwarding - in that they only forward UDP packets if the IP address attached can be routed backwards

This is already done by any competent provider and it is why spoofing is much less common today than it used to be. It's not feasible to do this between "Tier 1" peers though (due to, among other things, asymmetric routing) so it's important that providers closer to the customer do this properly.
This wouldn't solve the problem with DNS amplification attacks though since the source was valid and not spoofed. The only way to effectively stop these attacks is to not have open DNS resolvers.

Reply Parent Score: 2
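
The reverse-path check discussed in the comment above, sketched as an added example that is not part of the original thread: a packet is accepted only if its source address routes back out the interface it arrived on (strict mode), which is why asymmetric routing between large peers makes the strict form impractical there. The routing table, interface names and addresses are constructed, and loose mode is simplified to "any non-default route exists".

```python
import ipaddress

# Constructed forwarding table: prefix -> interface used to reach it.
# Prefixes are documentation ranges; interface names are hypothetical.
FIB = [
    ("192.0.2.0/24", "cust0"),      # customer network
    ("198.51.100.0/24", "peer1"),   # best return path is via peer1
    ("0.0.0.0/0", "transit0"),      # default route
]

def lookup(addr, fib=FIB):
    """Longest-prefix match: return the egress interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_accept(src, in_iface, mode="strict", fib=FIB):
    """Reverse-path check on a packet's source address.

    strict: the route back to src must point out the arrival interface.
    loose:  any non-default route back to src is sufficient.
    """
    if mode == "strict":
        return lookup(src, fib) == in_iface
    # Loose mode ignores the default route, otherwise every source would pass.
    ip = ipaddress.ip_address(src)
    nets = (ipaddress.ip_network(p) for p, _ in fib)
    return any(ip in net for net in nets if net.prefixlen > 0)

def demo():
    """Return (src, arrival interface, strict verdict, loose verdict) rows."""
    cases = [
        ("192.0.2.10", "cust0"),       # customer using its own address
        ("203.0.113.7", "cust0"),      # customer claiming a foreign address
        ("198.51.100.5", "transit0"),  # genuine source, asymmetric path
    ]
    return [(s, i, urpf_accept(s, i, "strict"), urpf_accept(s, i, "loose"))
            for s, i in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third case is the one the comment alludes to: the source is genuine, but strict mode drops it because the return route uses a different interface than the one the packet arrived on.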