BCP38 making it work, solving problems
Patrick W Gilmore
patrick at ianai.net
Tue Oct 12 17:15:30 UTC 2004
On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:
> 2.3. For a DDoS attack to succeed more than once, the launch points
> must
> remain anonymous. Therefore, forged IP source addresses are used.
> From
> the victim's point of view, a DDoS attack seems to come from
> everywhere
> at once, even from many IP addresses that are unallocated or
> otherwise
> invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?
<raises hand>
Not saying that I have not see non-forged DoS attacks too, or even
which is more common, just saying they exist, are happening today, and
cause non-trivial problems for some providers.
From my _personal_ experience (not my company, not a scientific
sampling), it appears non-spoofed sources are a bigger problem. But
ignoring spoofed sources would be a mistake, IMHO.
--
TTFN,
patrick
More information about the NANOG
mailing list