[186364] in North American Network Operators' Group

Re: John McAfee: Massive DDoS attack on the internet was from

daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Sat Dec 12 12:42:24 2015

X-Original-To: nanog@nanog.org
Date: Sat, 12 Dec 2015 12:42:20 -0500
From: Rich Kulawiec <rsk@gsp.org>
To: nanog@nanog.org
In-Reply-To: <566C5823.8010707@shankland.org>
Errors-To: nanog-bounces@nanog.org

On Sat, Dec 12, 2015 at 09:23:47AM -0800, Jim Shankland wrote:
> Also, this jumped out at me:
> 
> "The problem with the recent attack is that the originating IP
> addresses were evenly distributed within the IPV4 universe," McAfee
> says. "This is virtually impossible using spoofing."
> 
> Am I missing something, or is an even distribution of originating IP
> addresses virtually impossible *without* using spoofing?

I think it's quite doable using botnets.  I routinely log attacks/abuse 
that are clearly coordinated, yet originate from very diverse sources.

---rsk
