Death of the Internet, Film at 11
Randy Bush
randy at psg.com
Tue Oct 25 02:30:34 UTC 2016
>> Could mobile phones become a source of such attacks ?
>
> Depends both on the phone and on the network. But since Dyn-style
> attacks don't use IP spoofing, it doesn't really matter.
J-F's question was not about ip spoofing, but rather the infected
devices being behind nats. in the states, much broadband is not behind
a cgn, but is behind home nats. more mobile is behind cgn [0]. cgns
mean fewer visible attacking source addresses. it would be interesting
to see the home-soho vs cgn distribution of attacks such as krebs and
dyn.
>> If the number of infected devices in eastern USA is insufficient to
>> have caused that DDoS, can one infer that the attack used an actual
>> IP address instead of the anycast one in order to target the
>> eastern USA hosts irrespective of the location of the infected
>> device?
>
> No. Anycast addresses are real IP addresses.
true.
> There isn't a "real" address to attack.
usually false. dns clusters have management interfaces. i suspect the
congestion pattern attacking them would be different than that of attack
on the anycast; but that is conjecture.
randy
--
0 - to get an idea of the vast scale of cgn deployment see philipp's
preso of our imc paper from ripe 75