CCO/cisco.com issues.
Stephen J. Wilcox
steve at telecomplete.co.uk
Tue Oct 7 12:36:59 UTC 2003
On Tue, 7 Oct 2003, Suresh Ramasubramanian wrote:
> Terry Baranski [10/7/2003 6:05 AM] :
>
> > Maybe this will have the positive effect of motivating Cisco to do more
> > to encourage best practices such as edge anti-spoof filtering. To begin
> > with, Barry Green's presentations on these issues are hidden away on
> > his/Cisco's FTP server (ftp://ftp-eng.cisco.com/cons/) -- maybe it would
> > be beneficial to put them (along with write-ups) in an easily-accessible
> > and often-visited area of the main site where people will see them.
>
> There is of course BCP 38 for starters -
> http://www.armware.dk/RFC/bcp/bcp38.html

You are making assumptions. Cisco haven't said if the source was spoofed or not;
as a recent NANOG thread indicated, a lot of attacks do not use spoofed addresses
any more simply because the controllers have access to enough legitimate Windows
boxes to not care about discovery of source.

Even with all your BCPs in place, if someone can get control of enough machines
across enough networks, collectively they can produce enough traffic to overwhelm
absolutely any single system on the Internet.

I am increasingly sharing the opinion that many of these high profile attacks
are carried out by a small group... spammers or whoever they are. The only way to
tackle them is directly by hunting them down and prosecuting them. Assuming that
there is a cash motivation somewhere (e.g. spam), this also means that there is a
very high probability the attackers reside in a country where prosecution would
be possible, e.g. US/Europe.

Steve