BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)
Patrick W. Gilmore
patrick at ianai.net
Thu Oct 26 15:30:22 UTC 2006
On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:
> Put another way, anti-spoofing does three things: it makes reflector
> attacks harder, it makes it easier to use ACLs to block sources, and it
> helps people track down the bot and notify the admin. Are people actually
> successfully doing either of the latter two? I'd be surprised if there
> were much of either. That leaves reflector attacks. Are those that large
> a portion of the attacks people are seeing?
I disagree. As someone who has been attacked by spoof-source
packets, and not-spoof-source packets, I can say, from personal
experience, that the former is much, much easier to mitigate.
And, as I posted before, even if all universal adoption of BCP38
means is that DDoS attacks move to botnets with 100% real source IP
addresses, that would still be a Very Good Thing, IMHO.
But perhaps others feel differently. Or perhaps they just haven't
been attacked enough. :)
--
TTFN,
patrick