On 3 Aug 2015, at 21:19, Stephen Satchell wrote:
And any half-awake server operator would have turned on SYNCOOKIES a
long time ago.
I hate to tell you this, but a) SYN-cookies aren't a perfect response,
as servers don't have infinite resources, and b) stateful firewalls go
down *all the
John,
What would be the point of spoofing the source IPs to be identical? You're just
making the attack trivial to block. Plus you could never do any kind of TCP
session attack, since you can't complete a handshake. I would have to call this
sort of attack a LAAADDoS (Lame Attempt At A DDoS).
On 3 Aug 2015, at 19:40, Mel Beckman wrote:
What would be the point of spoofing the source IPs to be identical?
You're just making the attack trivial to block.
Attackers do strange things all the time.
Most endpoint organizations don't have any way to detect/classify DDoS
traffic, so
Hi,
What would be the point of spoofing the source IPs to be identical? You're
just making the attack trivial to block. Plus you could never do any kind of
TCP session attack, since you can't complete a handshake. I would have to
call this sort of attack a LAAADDoS (Lame Attempt At A
Children!
Regards,
Dovid
-Original Message-
From: valdis.kletni...@vt.edu
Sender: NANOG nanog-boun...@nanog.org
Date: Mon, 03 Aug 2015 00:20:23
To: tqr2813d376cjozqa...@tutanota.com
Cc: nanog@nanog.org
Subject: Re: GoDaddy : DDoS :: Contact
On Mon, 03 Aug 2015 03:58:31 -
On 08/03/2015 05:40 AM, Mel Beckman wrote:
What would be the point of spoofing the source IPs to be identical?
You're just making the attack trivial to block. Plus you could never
do any kind of TCP session attack, since you can't complete a
handshake. I would have to call this sort of attack a
On 3 Aug 2015, at 21:00, Roland Dobbins wrote:
due to DDoS exhaustion
That should read 'state exhaustion', apologies.
---
Roland Dobbins rdobb...@arbor.net
But SYN floods are easily detected and deflected by all modern firewalls. If a
handshake doesn’t complete within a certain time interval, the SYN is
discarded.
Many DDOS attacks are full-fledged TCP sessions. The zombies are used to
simulate legitimate users, and because they’re coming from
On 08/03/2015 07:04 AM, Roland Dobbins wrote:
On 3 Aug 2015, at 21:00, Roland Dobbins wrote:
due to DDoS exhaustion
That should read '[TCP] state exhaustion', apologies.
And any half-awake server operator would have turned on SYNCOOKIES a
long time ago.
On 3 Aug 2015, at 20:35, Mel Beckman wrote:
But SYN floods are easily detected and deflected by all modern
firewalls. If a handshake doesn’t complete within a certain time
interval, the SYN is discarded.
This is incorrect. I've seen a 20gb/sec stateful firewall taken down by
a 3mb/sec
On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
---
Roland Dobbins
3. Aug 2015 03:54 by rdobb...@arbor.net:
On 3 Aug 2015, at 6:16, tqr2813d376cjozqa...@tutanota.com wrote:
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
On 3 Aug 2015, at 10:58, tqr2813d376cjozqa...@tutanota.com wrote:
Then they are mistaken, unfortunately.
Being pedantic for its own sake, when there's little possibility of
confusion, isn't really constructive. Everyone, including you, knew
what he meant.
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
Then they are mistaken, unfortunately.
Feel free to try to reclaim the old
3. Aug 2015 04:20 by valdis.kletni...@vt.edu:
On Mon, 03 Aug 2015 03:58:31 -, tqr2813d376cjozqa...@tutanota.com said:
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
Then they are mistaken,
2. Aug 2015 19:59 by jason.lebl...@infusionsoft.com:
My company is being DDoS'd by a single IP from a GoDaddy customer.
DDoS = multiple IPs
DoS = single IP
My company is being DDoS'd by a single IP from a GoDaddy customer.
I haven't had success with the ab...@godaddy.com email. Was hoping someone
that could help might be watching the list and could contact me off-list.
//Jason
DDoS = multiple IPs
DoS = single IP
It seems most people colloquially use DDoS for both, and reserve DoS for
magic-packet blocking exploits like the latest BIND CVE, FYI.
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just because
On 3 Aug 2015, at 12:10, John Levine wrote:
Given how easy it still is to put a fake source address in an IP
packet, it seems optimistic to assume that just because the packets
all have the same return address, they're actually coming from the
same place.
Concur 100% - we see that from time
Not to be difficult, but how can it be a DDoS attack if it’s coming from a
single IP? Normally you would just block this IP at your borders or ask your
upstreams to do so before it consumes your bandwidth. You still want to get
GoDaddy to address the problem, of course, but you should do that
Just block it
--
Jason Hellenthal
JJH48-ARIN
On Aug 2, 2015, at 14:59, Jason LeBlanc jason.lebl...@infusionsoft.com wrote:
My company is being DDoS'd by a single IP from a GoDaddy customer.
I haven't had success with the ab...@godaddy.com email. Was hoping someone
that could help might be