Linked by Thom Holwerda on Thu 28th Mar 2013 00:36 UTC, submitted by MOS6510
Internet & Networking "The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."
Permalink for comment 557016
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

Soulbender,

"Source filtering makes sure that only packets with a valid source comes in on an interface. Valid source means it's an IP address that has a route via that interface. This is an incredibly simple yet effective way to reduce spoofing on customer-facing equipment and is, as I've said previously, already done by most ISP's."

They apply egress filtering to make sure their customers don't sent out source IPs that are external to their network.

They may apply ingress filtering such that the internet backbone cannot send them packets that look like they were sourced from within the ISP. But it's very unlikely that they apply ingress filtering that discriminates IPs from various peer interfaces since that would break alot of internet traffic. It's up to the source routers to route the traffic to the destination. The destination has no say which interface will receive traffic for a given IP.

ISPs cannot do anything to detect spoofing outside of their network, which is part of the problem.


"While DNS has problems this is not one of them. This is simply a problem of misconfigured DNS servers and the only effective way to stop this from happening is by not screwing up the configuration."

Once you read my other response, it should clarify that it is a DNS problem (or even a "UDP" problem if you want to view it like Laurence did).

Reply Parent Score: 2