John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app

• Previous message (by thread): John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
• Next message (by thread): John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Shankland <nanog at shankland.org> wrote:

> Also, this jumped out at me:
>
> "The problem with the recent attack is that the originating IP addresses were
> evenly distributed within the IPV4 universe," McAfee says. "This is virtually
> impossible using spoofing."
>
> Am I missing something, or is an even distribution of originating IP addresses
> virtually impossible *without* using spoofing?

You are correct and McAfee is confused.

http://root-servers.org/news/events-of-20151130.txt

   DNS root name servers that use IP anycast observed this
   traffic at a significant number of anycast sites.

This implies that the botnet was widely distributed.

   The source addresses of these particular queries appear to be
   randomized and distributed throughout the IPv4 address space.

This says the attackers also used spoofing.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: East 5 to 7, occasionally gale 8 in Rockall.
Moderate or rough, occasionally very rough in Rockall. Occasional rain. Good,
occasionally poor.

• Previous message (by thread): John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
• Next message (by thread): John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]