On 3 Aug 2015, at 21:19, Stephen Satchell wrote:
And any half-awake server operator would have turned on SYNCOOKIES a
long time ago.
I hate to tell you this, but a) SYN-cookies aren't a perfect response,
as servers don't have infinite resources, and b) stateful firewalls go
down *all the tim
On 08/03/2015 07:04 AM, Roland Dobbins wrote:
On 3 Aug 2015, at 21:00, Roland Dobbins wrote:
due to DDoS exhaustion
That should read '[TCP] state exhaustion', apologies.
And any half-awake server operator would have turned on SYNCOOKIES a
long time ago.
On 3 Aug 2015, at 21:00, Roland Dobbins wrote:
> due to DDoS exhaustion
That should read 'state exhaustion', apologies.
---
Roland Dobbins
On 3 Aug 2015, at 20:35, Mel Beckman wrote:
But SYN floods are easily detected and deflected by all modern
firewalls. If a handshake doesn’t complete within a certain time
interval, the SYN is discarded.
This is incorrect. I've seen a 20gb/sec stateful firewall taken down by
a 3mb/sec spoof
But SYN floods are easily detected and deflected by all modern firewalls. If a
handshake doesn’t complete within a certain time interval, the SYN is
discarded.
Many DDOS attacks are full-fledged TCP sessions. The zombies are used to
simulate legitimate users, and because they’re coming from th
On 08/03/2015 05:40 AM, Mel Beckman wrote:
What would be the point of spoofing the source IPs to be identical?
You're just making the attack trivial to block. Plus you could never
do any kind of TCP session attack, since you can't complete a
handshake. I would have to call this sort of attack a
Children!
Regards,
Dovid
-Original Message-
From: valdis.kletni...@vt.edu
Sender: "NANOG" Date: Mon, 03 Aug 2015 00:20:23
To:
Cc:
Subject: Re: GoDaddy : DDoS :: Contact
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
> > It seems most peo
Hi,
> What would be the point of spoofing the source IPs to be identical? You're
> just making the attack trivial to block. Plus you could never do any kind of
> TCP session attack, since you can't complete a handshake. I would have to
> call this sort of attack a LAAADDoS (Lame Attempt At A D
On 3 Aug 2015, at 19:40, Mel Beckman wrote:
What would be the point of spoofing the source IPs to be identical?
You're just making the attack trivial to block.
Attackers do strange things all the time.
Most endpoint organizations don't have any way to detect/classify DDoS
traffic, so they've
John,
What would be the point of spoofing the source IPs to be identical? You're just
making the attack trivial to block. Plus you could never do any kind of TCP
session attack, since you can't complete a handshake. I would have to call this
sort of attack a LAAADDoS (Lame Attempt At A DDoS).
On 3 Aug 2015, at 12:10, John Levine wrote:
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just because the packets
all have the same return address, they're actually coming from the
same place.
Concur 100% - we see that from time t
>> DDoS = multiple IPs
>>
>> DoS = single IP
>
>It seems most people colloquially use DDoS for both, and reserve DoS for
>magic-packet blocking exploits like the latest BIND CVE, FYI.
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just
3. Aug 2015 04:20 by valdis.kletni...@vt.edu:
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
>> > It seems most people colloquially use DDoS for both, and reserve DoS for
>> > magic-packet blocking exploits like the latest BIND CVE, FYI.
>> Then they are mistaken, unfo
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
> > It seems most people colloquially use DDoS for both, and reserve DoS for
> > magic-packet blocking exploits like the latest BIND CVE, FYI.
> Then they are mistaken, unfortunately.
Feel free to try to reclaim the old
On 3 Aug 2015, at 10:58, tqr2813d376cjozqa...@tutanota.com wrote:
Then they are mistaken, unfortunately.
Bring pedantic for its own sake, when there's little possibility of
confusion, isn't really constructive. Everyone, including you, knew
what he meant.
3. Aug 2015 03:54 by rdobb...@arbor.net:
> On 3 Aug 2015, at 6:16, > tqr2813d376cjozqa...@tutanota.com> wrote:
>
>> DDoS = multiple IPs
>>
>> DoS = single IP
>
> It seems most people colloquially use DDoS for both, and reserve DoS for
> magic-packet blocking exploits like the latest BIND CVE, F
On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
---
Roland Dobbins
Just block it
--
Jason Hellenthal
JJH48-ARIN
On Aug 2, 2015, at 14:59, Jason LeBlanc wrote:
My company is being DDoS'd by a single IP from a GoDaddy customer.
I havent had success with the ab...@godaddy.com email. Was hoping someone
that could help might be watching the list and could con
Not to be difficult, but how can it be a DDoS attack if it’s coming from a
single IP? Normally you would just block this IP at your borders or ask your
upstreams to do so before it consumes your bandwidth. You still want to get
GoDaddy to address the problem, of course, but you should do that vi
2. Aug 2015 19:59 by jason.lebl...@infusionsoft.com:
> My company is being DDoS'd by a single IP from a GoDaddy customer.
>
DDoS = multiple IPs
DoS = single IP
My company is being DDoS'd by a single IP from a GoDaddy customer.
I havent had success with the ab...@godaddy.com email. Was hoping someone
that could help might be watching the list and could contact me off-list.
//Jason
21 matches
Mail list logo