BCP38 making it work, solving problems

Christopher L. Morrow christopher.morrow at mci.com
Tue Oct 12 17:16:25 UTC 2004


On Tue, 12 Oct 2004, Bora Akyol wrote:

> Excerpt from the text quoted above:
>
>    2.3. For a DDoS attack to succeed more than once, the launch points must
>    remain anonymous.  Therefore, forged IP source addresses are used.  From
>    the victim's point of view, a DDoS attack seems to come from everywhere
>    at once, even from many IP addresses that are unallocated or otherwise
>    invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?

it does still happen... I've not run the numbers for our reactions to say
'50% spoofed/50% non-spoofed' but it certainly seems like 'more' are
non-spoofed lately. This could be a simple swing of the pendulum, or other
'better' things like more people egress filtering.

-Chris



More information about the NANOG mailing list