
automatic rtbh trigger using flow data



On 1 Sep 2018, at 1:43, Hugo Slabbert wrote:

> Generally on the TCP side you can try SYN or ACK floods, but you're 
> not going to get an amplified reflection.

Actually, TCP reflection/amplification has been on the increase; the 
attacker is guaranteed at least 4:1 amplification in most circumstances, 
the number of reflectors/amplifiers is for all practical purposes 
infinite, and they're mostly legitimate, non-broken 
services/applications.

And as always, it's important to note that with all 
reflection/amplification attacks, the root of the issue is the lack of 
universal source-address validation (SAV).  Without the ability to 
spoof, there would be no reflection/amplification attacks.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>