BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)

Patrick W. Gilmore patrick at ianai.net
Thu Oct 26 15:30:22 UTC 2006

On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:

> Put another way, anti-spoofing does three things: it makes reflector
> attacks harder, it makes it easier to use ACLs to block sources,  
> and it
> helps people track down the bot and notify the admin. Are people  
> actually
> successfully doing either of the latter two?  I'd be surprised if  
> there
> were much of either.  That leaves reflector attacks.  Are those  
> that large
> a portion of the attacks people are seeing?

I disagree.  As someone who has been attacked by spoof-source  
packets, and not-spoof-source packed, I can say, from personal  
experience, that the former is much, much easier to mitigate.

And, as I posted before, even if all universal adoption of BCP38  
means is that DDoS attacks move to botnets with 100% real source IP  
addresses, that would still be a Very Good Thing, IMHO.

But perhaps others feel differently.  Or perhaps they just haven't  
been attacked enough. :)


More information about the NANOG mailing list