[182854] in North American Network Operators' Group
Re: GoDaddy : DDoS : : Contact
daemon@ATHENA.MIT.EDU (Mel Beckman)
Mon Aug 3 08:42:56 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: John Levine <johnl@iecc.com>
Date: Mon, 3 Aug 2015 12:40:49 +0000
In-Reply-To: <20150803051042.11782.qmail@ary.lan>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
John,
What would be the point of spoofing the source IPs to be identical? You're =
just making the attack trivial to block. Plus you could never do any kind =
of TCP session attack, since you can't complete a handshake. I would have t=
o call this sort of attack a LAAADDoS (Lame Attempt At A DDoS). :)
-mel beckman
On Aug 2, 2015, at 10:11 PM, John Levine <johnl@iecc.com> wrote:
>>> DDoS =3D multiple IPs
>>>=20
>>> DoS =3D single IP
>>=20
>> It seems most people colloquially use DDoS for both, and reserve DoS for=
=20
>> magic-packet blocking exploits like the latest BIND CVE, FYI.
>=20
> Given how easy it still is to put a fake source address in an IP
> packet, it seems optimistic to assume that just because the packets
> all have the same return address, they're actually coming from the
> same place.
>=20
> R's,
> John
