North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: register.com down sev0?

  • From: Gadi Evron
  • Date: Fri Oct 27 00:49:30 2006

On Thu, 26 Oct 2006, Chris L. Morrow wrote:
> 
> On Wed, 25 Oct 2006, Randy Bush wrote:
> > > I don't want to detract from the heat of this discussion, as
> > > important as it is, but it (the discussion) illustrates a point
> > > that RIPE has recognized -- and is actively perusing -- yet, ISPs
> > > on this continent seem consistently to ignore: The consistent
> > > implementation of BCP 38.
> >
> > oh?  you have knowledge that this botnet attack used spoofed source
> > addresses?
> 
> what's curious, to me atleat, is that folks equate 'botnet' and 'spoofed
> source attacks' more often than I'd think is reasonable. I've not got
> 'hard numbers' but almost every time the attack is determined to be
> 'botnet' it's not spoofed.
> 
> Odd... (not that I'm against bcp38, I just think the distraction in
> conversation from 'bcp38 is good' to 'we must stop bots' is not helpful)
> 

SAT time.

Almost all spoofed attacks are run by botnets.
Almost all attacks are run by botnets
Almost all spoofed attacked are bigger by a large factor

Almost all botnet attacks are spoofed attacks? Not quite.

That's about it.