RE: DDOS prevention offensive.

From: Jason Slagle []
Sent: Thursday, July 12, 2001 10:19 AM

> Well to sum it up in one sentence. If you eliminate the
bogus addresses, you
> can then target the actual zombie machines used to attack
the site and
> eventually eliminate the risk via patching or null route
them. So filtering
> bogus addresses, non-routable addresses, and the addresses,
which do not
> belong to your net blocks, would serve to combat the denial
of service
> attacks.

I believe the attacks in question are actually non-spoofed.

It's getting the source networks to remove the boxes that is the
problem. Most of them are .edu.

Aha! I knew there was a reason that I filter EDU <g>.