[j-nsp] Cisco vs Juniper confused
Roland Dobbins
rdobbins at arbor.net
Tue Apr 19 12:27:18 EDT 2016
On 16 Apr 2016, at 23:25, Satish Patel wrote:
> We are seeing attacks all over the world, how will you stop them using
> source blackholing?
It is a tool in the toolbox. It is very effective in certain scenarios
as a) it runs at wire-speed on the routers, b) can handle tens of
thousands (if not more) of sources, and c) a great deal of large-scale
attacks such as UDP reflection/amplification attacks aren't spoofed from
the perspective of the attack target.
> These days most people use OpenDNS and chargen style spoofing
> attacks.
#1, this is incorrect. It isn't wise to generalize based solely upon
your own *perceived* experiences (which may be incomplete for various
reasons).
#2, as noted above, UDP reflection/amplification attacks aren't spoofed
on the reflector/amplifier-target leg of the attack. While you
obviously wouldn't S/RTBH OpenDNS, you can S/RTBH lots of other attack
sources.
I've been using S/RTBH operationally for many years, and helping others
do the same. It's another tool in the toolbox, and can be a very useful
one, when utilized appropriately.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
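
An added example, not part of the original message: because reflected traffic reaches the target from the reflectors' real addresses, flow records at the target's edge can be turned into an S/RTBH source list, with shared resolvers such as OpenDNS kept out of it. The record layout, byte threshold, port table and documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records seen at the attack target's edge:
# (src_ip, src_port, protocol, bytes). Documentation-range addresses
# stand in for reflectors; 208.67.222.222 is an OpenDNS resolver.
FLOWS = [
    ("198.51.100.7", 19, "udp", 900_000),
    ("198.51.100.7", 19, "udp", 850_000),
    ("203.0.113.21", 53, "udp", 1_200_000),
    ("203.0.113.40", 53, "udp", 30_000),        # below the byte threshold
    ("208.67.222.222", 53, "udp", 2_000_000),   # allowlisted resolver
    ("192.0.2.99", 443, "tcp", 5_000_000),      # not reflection traffic
]

# Services named in the thread (assumed port table for this example).
REFLECTION_PORTS = {19: "chargen", 53: "dns"}

# Sources that must never be blackholed, e.g. resolvers your users rely on.
ALLOWLIST = [
    ipaddress.ip_network("208.67.222.222/32"),
    ipaddress.ip_network("208.67.220.220/32"),
]


def srtbh_candidates(flows, min_bytes=1_000_000, allowlist=ALLOWLIST):
    """Return [(host_prefix, service)] for sources worth blackholing."""
    totals = defaultdict(int)
    for src, sport, proto, nbytes in flows:
        # Reflected replies come *from* the abused service port over UDP.
        if proto == "udp" and sport in REFLECTION_PORTS:
            totals[(ipaddress.ip_address(src), sport)] += nbytes

    picked = {}
    for (addr, sport), nbytes in totals.items():
        if nbytes < min_bytes:
            continue                      # too small to act on
        if any(addr in net for net in allowlist):
            continue                      # never drop allowlisted sources
        picked[addr] = REFLECTION_PORTS[sport]

    ordered = sorted(picked, key=lambda a: (a.version, int(a)))
    return [(f"{a}/{a.max_prefixlen}", picked[a]) for a in ordered]


if __name__ == "__main__":
    for prefix, service in srtbh_candidates(FLOWS):
        print(f"blackhole source {prefix} ({service} reflector)")
```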