BCP38 making it work, solving problems

Patrick W Gilmore patrick at ianai.net
Tue Oct 12 17:15:30 UTC 2004


On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:

>    2.3. For a DDoS attack to succeed more than once, the launch points 
> must
>    remain anonymous.  Therefore, forged IP source addresses are used.  
> From
>    the victim's point of view, a DDoS attack seems to come from 
> everywhere
>    at once, even from many IP addresses that are unallocated or 
> otherwise
>    invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?

<raises hand>

Not saying that I have not see non-forged DoS attacks too, or even 
which is more common, just saying they exist, are happening today, and 
cause non-trivial problems for some providers.

 From my _personal_ experience (not my company, not a scientific 
sampling), it appears non-spoofed sources are a bigger problem.  But 
ignoring spoofed sources would be a mistake, IMHO.

-- 
TTFN,
patrick




More information about the NANOG mailing list