|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DDoS attacks, spoofed source addresses and adjusted TTLs
On Wed, 3 Aug 2005, Mike Tancsa wrote: > At 04:55 PM 03/08/2005, Christopher L. Morrow wrote: > > > hops away, the TTL of the packet when it got to me was 56). Yes, I know > > > those could be adjusted in theory to mask multiple sources, but in practice > > > has anyone seen that ? > > > >what exactly was the question? > > You answered it mostly-- what do people see in the real world-- plain jane oh phew :) > dropped before they leave my network). Have that many networks implemented > RPF as to make spoofed addresses moot ? probably not :( reference the MIT spoofer project: paper -> http://www.mit.edu/~rbeverly/papers/spoofer-sruit05.html nanog preso -> http://www.nanog.org/mtg-0505/beverly.html project-homepage: http://spoofer.csail.mit.edu. probably simpler to just get bots than spoof.
|