Krebs on Security booted off Akamai network after DDoS attack proves pricey

Jared Mauch jared at
Fri Sep 23 21:29:59 UTC 2016

> On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <hugo at> wrote:
> Please tell me why I can't spoof source IPs on a stateless protocol like GRE. If he specifically meant you can't spoof a source, hit a reflector, and gain amplification, sure, but I see zero reason why GRE can't have spoofed source IPs. It bothered me sufficiently that I wrote up some spit-balling ideas about reflecting GRE using double encapsulation[2]. Very rough and untested, but apparently I got a bee in my bonnet...

my guess is the GRE traffic was harder to filter because many providers use GRE to deliver ‘clean’ traffic back to origin sites.

- Jared

More information about the NANOG mailing list