Death of the Internet, Film at 11

Randy Bush randy at
Tue Oct 25 02:30:34 UTC 2016

>> Could mobile phones become a source of such attacks ?
> Depends both on the phone and on the network.  But since Dyn-style
> attacks don't use IP spoofing, it doesn't really matter.

J-F's question was not about ip spoofing, but rather the infected
devices being behind nats.  in the states, much broadband is not behind
a cgn, but is behind home nats.  more mobile is behind cgn [0].  cgns
mean fewer visible attacking source addresses.  it would be interesting
to see the home-soho vs cgn distribution of attacks such as krebs and

>> If the number of infected devices in eastern USA is insufficient to
>> have caused that DDoS, can one infer that the attack used an actual
>> IP address instead of the anycast one in order to target the the
>> eastern USA hosts irrespective of the location of the infected
>> device?
> No.  Anycast addresses are real IP addresses.


> There isn't a "real" address to attack.

usually false.  dns clusters have management interfaces.  i suspect the
congestion pattern attacking them would be different than that of attack
on the anycast; but that is conjecture.



0 - to get an idea of the vast scale of cgn deployment see philipp's
    preso of our imc paper from ripe 75

More information about the NANOG mailing list