[j-nsp] Cisco vs Juniper confused

Roland Dobbins rdobbins at arbor.net
Tue Apr 19 12:27:18 EDT 2016


On 16 Apr 2016, at 23:25, Satish Patel wrote:

> We are seeing attacks all over the world; how will you stop them using
> source blackholing?

It is a tool in the toolbox.  It is very effective in certain scenarios 
as a) it runs at wire-speed on the routers, b) can handle tens of 
thousands (if not more) of sources, and c) a great deal of large-scale 
attacks such as UDP reflection/amplification attacks aren't spoofed from 
the perspective of the attack target.

> These days most people use OpenDNS- and chargen-style spoofing 
> attacks.

#1, this is incorrect.  It isn't wise to generalize based solely upon 
your own *perceived* experiences (which may be incomplete for various 
reasons).

#2, as noted above, UDP reflection/amplification attacks aren't spoofed 
on the reflector/amplifier-target leg of the attack.  While you 
obviously wouldn't S/RTBH OpenDNS, you can S/RTBH lots of other attack 
sources.

I've been using S/RTBH operationally for many years, and helping others 
do the same.  It's another tool in the toolbox, and can be a very useful 
one, when utilized appropriately.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
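As an added illustration of the S/RTBH mechanism described above (not part of the original post or of any vendor documentation), here is a Junos configuration sketch: loose-mode uRPF on the upstream interface plus discard routes for attack sources, triggered either locally or via a BGP community. The interface name, the addresses (RFC 5737 documentation ranges), the iBGP neighbor and the 65000:666 community are assumed placeholders.

```junos
/* Edge router: loose-mode uRPF. A packet whose source resolves to a discard route fails the check and is dropped. */
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                rpf-check {
                    mode loose;
                }
                address 198.51.100.2/30;
            }
        }
    }
}
routing-options {
    static {
        /* Sink next-hop: any route pointing at this address is a blackhole.
           192.0.2.1 is a documentation-range placeholder. */
        route 192.0.2.1/32 discard;
        /* Locally triggered S/RTBH: blackhole one attack source directly. */
        route 203.0.113.7/32 {
            discard;
            no-readvertise;
        }
    }
}
/* BGP-triggered variant: a trigger router announces /32s tagged 65000:666;
   this import policy rewrites their next-hop to the sink address. */
policy-options {
    community SRTBH members 65000:666;
    policy-statement srtbh-import {
        term blackhole {
            from community SRTBH;
            then {
                next-hop 192.0.2.1;
                accept;
            }
        }
    }
}
protocols {
    bgp {
        group ibgp-trigger {
            type internal;
            neighbor 10.0.0.1 {
                import srtbh-import;
            }
        }
    }
}
```

Loose uRPF drops every packet from a blackholed source on that interface, so check which prefixes resolve to discard before committing, and withdraw the /32s once the attack subsides.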

