Source address validation (was Re: UUNet Offer New Protection

Paul Vixie vixie at vix.com
Sun Mar 7 07:29:54 UTC 2004


sean at donelan.com (Sean Donelan) writes:

> > Try saying that after running a major DDoS target, with "HIT ME" on your
> > forehead.  No offense Sean but I'd like you to back your claim up with
> > some empirical data first.
> 
> Has the number of DDOS attacks increased or decreased in the last few
> years as uRPF has become more widely deployed?

the number of spoofed-source attacks is down only-slightly.

> Do you have any evidence the number of attacks are decreasing?

the overall number of attacks and their volume seems to be decreasing
ever-so-slightly, but the ferocity of the attacks that come through seems
to be increasing more-than-slightly.

and, when defending against one of these, every valid source address is
worth its figurative weight in gold, and constitutes a minor compromise
for the attacker, even if the host it helps to identify is disposable,
easily replaced, and difficult to repair.

[ of course, sean, i could just be making that part up.  but since i keep
saying it and since i get attacked pretty frequently, i might be telling
the truth.  it could be worth assuming a little credibility and seeing
where that leads you.  (but, we digress.) ]
-- 
Paul Vixie


