BCP38 thread 93,871,738,435 + SPF

Gadi Evron ge at linuxbox.org
Sat Oct 28 05:52:37 UTC 2006


On Fri, 27 Oct 2006, Douglas Otis wrote:
> As Steve already pointed out, BCP38 is not a complete solution.  Not  
> only does SPF prevent the source of a Botnet attack from being  
> detected, it also enables significantly greater amplification than  
> might be achieved with a spoofed source DNS reflective attack.  In  
> addition, the Botnet resources are not wasted, as their spam is still  
> being delivered.  This aspect alone dangerously changes the costs  
> related to such attacks.   It seems wholly imprudent not to consider  
> SPF in the same discussion.
> 
> -Doug

Doug, I wonder, HOW do you intend / do track down the source of a botnet
attack? I know how I and others do it. There are three approaches which
fork everywhere on an expression tree.

If you believe SPF prevents you from doing it, can you elaborate how?




More information about the NANOG mailing list