Death of the Internet, Film at 11

Ronald F. Guilmette rfg at
Sun Oct 23 22:23:48 UTC 2016

In message <580BF49C.5090209 at>, 
Jean-Francois Mezei <jfmezei_nanog at> wrote:

>10s of millons of IP addresses. Is it realistic to have 10s of millions
>of infected devices ? Or is that the dense smoke that points to IP
>spoofing ?

I haven't read the latest up-to-the-minute reports on this event, but
I do suspect that Dyn knows the difference between UDP and TCP, and
my understanding is that the latter is a wee bit difficult to spoof
these days.  Not impossible, perhaps, but quite tedious.

I don't think that Dyn would have come out and said "10 million" if
it was all easily spoofable UDP that they were getting.  In that case,
they would either have said "we got a ton of spoofed traffic" or else,
if they felt like being publically lampooned, they would have estimated
the number of attacking IPs at three billion.

So, bottom line, if Dyn said "10 million"  I suspect that they intended
to imply also "via TCP".


More information about the NANOG mailing list