North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS issues various

  • From: Daniel Senie
  • Date: Fri Oct 25 04:37:50 2002 
At 04:51 PM 10/24/2002, Kevin Houle wrote:
--On Thursday, October 24, 2002 04:30:20 PM -0400 "David G. Andersen" <[email protected]> wrote:

Until the default behavior of most systems is to block spoofed packets,
it's going to remain a problem.

I assert this is not the case. A significant percentage of DDoS attacks use
legitimate source IP addresses. When there are thousands of throw-away hosts
in the attack network, the difficulty of traceback and elimination remains,
and so does the problem.

Yes, blocking spoofed packets helps. But it is not an end-game.
It provides the identity of the party to sue for negligence, should the damage elsewhere be severe. In large networks, it would behoove administrators to establish ingress filters on the routers connecting subnets, so that they can further limit spoofing or help trace the party involved.