Nick Hilliard wrote:
> It really is, but bear in mind that a single 1GE connection with no urpf
> can be used to create ~250-300G of backscatter traffic.
>
> This means that there's only a requirement to have a single unscrupulous or
> incompetent ISP with GE in the world to allow a devastating DoS to be
> launched against anyone anywhere.
>

Indeed - which is certainly a problem! :)

So what's the 'proper' solution to all this then beyond just adding enough capacity to absorb ever larger attacks? How's this going to end up? There must be plenty of businesses who this kind of thing is seriously affecting - and the trend upwards in size of attacks has been absolutely massive over the past year so it doesn't take long to hit a point where adding bandwidth just isn't affordable. When pretty much anyone who wants to can just knock you offline and there's very little you can do about it, something is going to have to happen. At this point we've not seen any threats or demands as a result of these attacks - as far as we know it's just kids doing it 'cos they can' - but there doesn't seem to be a solution in sight either beyond 'turn the target(s) off until they stop'.