North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BCP38 making it work, solving problems

  • From: Patrick W Gilmore
  • Date: Tue Oct 12 13:27:45 2004 
On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:
2.3. For a DDoS attack to succeed more than once, the launch points must
remain anonymous. Therefore, forged IP source addresses are used. From
the victim's point of view, a DDoS attack seems to come from everywhere
at once, even from many IP addresses that are unallocated or otherwise
invalid.

How many people have seen "forged" spoofed IP addresses being used
for DOS attacks lately?
<raises hand>

Not saying that I have not see non-forged DoS attacks too, or even which is more common, just saying they exist, are happening today, and cause non-trivial problems for some providers.

From my _personal_ experience (not my company, not a scientific sampling), it appears non-spoofed sources are a bigger problem. But ignoring spoofed sources would be a mistake, IMHO.

--
TTFN,
patrick