DNS issues various
Daniel Senie
dts at senie.com
Fri Oct 25 07:48:54 UTC 2002
At 04:51 PM 10/24/2002, Kevin Houle wrote:
>--On Thursday, October 24, 2002 04:30:20 PM -0400 "David G. Andersen"
><dga at lcs.mit.edu> wrote:
>
>>Until the default behavior of most systems is to block spoofed packets,
>>it's going to remain a problem.
>
>I assert this is not the case. A significant percentage of DDoS attacks use
>legitimate source IP addresses. When there are thousands of throw-away hosts
>in the attack network, the difficulty of traceback and elimination remains,
>and so does the problem.
>
>Yes, blocking spoofed packets helps. But it is not an end-game.
It provides the identity of the party to sue for negligence, should the
damage elsewhere be severe. In large networks, it would behoove
administrators to establish ingress filters on the routers connecting
subnets, so that they can further limit spoofing or help trace the party
involved.
More information about the NANOG
mailing list