North American Network Operators Group

Re: BCP38 thread 93,871,738,435 + SPF

  • From: Gadi Evron
  • Date: Sat Oct 28 01:57:04 2006

On Fri, 27 Oct 2006, Douglas Otis wrote:
> As Steve already pointed out, BCP38 is not a complete solution.  Not  
> only does SPF prevent the source of a Botnet attack from being  
> detected, it also enables significantly greater amplification than  
> might be achieved with a spoofed source DNS reflective attack.  In  
> addition, the Botnet resources are not wasted, as their spam is still  
> being delivered.  This aspect alone dangerously changes the costs  
> related to such attacks.   It seems wholly imprudent not to consider  
> SPF in the same discussion.
> 
> -Doug

Doug, I wonder, HOW do you intend / do track down the source of a botnet
attack? I know how I and others do it. There are three approaches which
fork everywhere on an expression tree.

If you believe SPF prevents you from doing it, can you elaborate how?