Krebs on Security booted off Akamai network after DDoS attack proves pricey
jared at puck.nether.net
Fri Sep 23 21:29:59 UTC 2016
> On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <hugo at slabnet.com> wrote:
> Please tell me why I can't spoof source IPs on a stateless protocol like GRE. If he specifically meant you can't spoof a source, hit a reflector, and gain amplification, sure, but I see zero reason why GRE can't have spoofed source IPs. It bothered me sufficiently that I wrote up some spit-balling ideas about reflecting GRE using double encapsulation. Very rough and untested, but apparently I got a bee in my bonnet...
my guess is the GRE traffic was harder to filter because many providers use GRE to deliver ‘clean’ traffic back to origin sites.
More information about the NANOG