[191731] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (John Levine)
Mon Sep 26 11:57:14 2016
X-Original-To: nanog@nanog.org
Date: 26 Sep 2016 15:56:49 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <20160926035400.e5t5knfgdgenpi7i@slab-wks-04.int.slabnet.com>
Errors-To: nanog-bounces@nanog.org
>>That paper is about reflection attacks. From what I've read, this was
>>not a reflection attack. The IoT devices are infected with botware
>>which sends attack traffic directly. Address spoofing is not particularly
>>useful for controlling botnets.
>
>But that's not only remaining use of source address spoofing in direct
>attacks, no? Even if reflection and amplification are not used, spoofing
>can still be used for obfuscation.
I agree that it would be nice if more networks did ingress filtering,
but if you're expecting a major decrease in evil, you will be
disappointed.
At this point it's mostly useful for identifying the guilty or
negligent parties afterwards.
R's,
John