Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)

North American Network Operators Group

Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)

From: Patrick W. Gilmore
Date: Thu Oct 26 11:42:00 2006

On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:

Put another way, anti-spoofing does three things: it makes reflector
attacks harder, it makes it easier to use ACLs to block sources, and it
helps people track down the bot and notify the admin. Are people actually
successfully doing either of the latter two? I'd be surprised if there
were much of either. That leaves reflector attacks. Are those that large
a portion of the attacks people are seeing?

I disagree. As someone who has been attacked by spoof-source packets, and not-spoof-source packed, I can say, from personal experience, that the former is much, much easier to mitigate.

And, as I posted before, even if all universal adoption of BCP38 means is that DDoS attacks move to botnets with 100% real source IP addresses, that would still be a Very Good Thing, IMHO.

But perhaps others feel differently. Or perhaps they just haven't been attacked enough. :)

--
TTFN,
patrick

References:
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Fergie
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Sean Donelan
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Steven M. Bellovin

Prev by Date: Re: register.com down sev0?
Next by Date: Re: register.com down sev0?
Date Index
Thread Index
Author Index
Historical