[Tfug] (D)DoS countermeasures
Bexley Hall
bexley401 at yahoo.com
Sun May 12 19:54:21 MST 2013
On 5/12/2013 6:33 PM, Bexley Hall wrote:
> Hi,
>
> To be clear, I can't protect against (D)DoS attacks anywhere
> "upstream" of the first "smart" exposed interface. I.e.,
> a router, bastion host, etc. -- something that can filter and
> discard the offending traffic.
>
> And, regardless, I can do nothing to impact *incoming* bandwidth
> upstream of that point. (I.e., if the link is saturated with
> adversarial traffic, nothing *I* might want can get through...
> including replies to outbound service requests!).
>
> Bottom line, all I can do is protect *within* this secured
> portion of the network (?). And, push smarts out to the fringe
> to keep the cruft from having *any* impact on internal operations.
<Grrrrr>
Sorry, this was meant to be a QUESTION posed as a set of
*assumptions*. I.e., to be *confirmed* or *refuted* (as
well as opening the door for other ideas that I may not
be seeing)
More information about the tfug
mailing list