down sev0?

Randy Bush randy at
Thu Oct 26 16:57:32 UTC 2006

>> the case for which we know bcp 38 is useful, is the dns reflector
>> attack.  so far, botnets seem to have no need to spoof, they just
>> overwhelm you with zombies from real space.
> Incorrect.
> While that is one mode of attack from a botnet, it is not the only  
> mode.  And there are reasons for even botnets to spoof source  
> addresses.  And reasons that the attack-ee would prefer they did not.
> Randy, are you REALLY arguing -against- BCP38?  Or just yanking  
> Fergie's chain 'cause it wouldn't have helped in this particular  
> instance?

i merely said that using this particular attack to launch yet
another bcp38 religious dos against the nanog list was bogus.  have
we learned one new thing from the last day's oratory?

personally, i long ago implemented spoofing blocking in all places
i have been able to do so.  but i am not foolish enough to believe
that religious ranting on mailing lists is gonna change anyone from
doing what makes business sense for their network.  and, as spoofed
attacks other than the dns reflector seem to have been rare, that
perceived interest in anti-spoofing blocks is low when compared to
other priorities in these hard times.  i think we have converted
those who were convertable and the rest watch the religious
zealotry and scratch their heads.


More information about the NANOG mailing list