BCP38 making it work, solving problems
Christopher L. Morrow
christopher.morrow at mci.com
Tue Oct 12 17:16:25 UTC 2004
On Tue, 12 Oct 2004, Bora Akyol wrote:
> Excerpt from the text quoted above:
>
> 2.3. For a DDoS attack to succeed more than once, the launch points must
> remain anonymous. Therefore, forged IP source addresses are used. From
> the victim's point of view, a DDoS attack seems to come from everywhere
> at once, even from many IP addresses that are unallocated or otherwise
> invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?
It does still happen... I've not run the numbers for our reactions to say
'50% spoofed/50% non-spoofed' but it certainly seems like 'more' are
non-spoofed lately. This could be a simple swing of the pendulum, or other
'better' things like more people egress filtering.
-Chris