[191641] in North American Network Operators' Group


Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Jared Mauch)
Fri Sep 23 21:45:29 2016

X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <71F8DB12-1EF0-4E0F-9F5A-59D3DC6F16A5@slabnet.com>
Date: Fri, 23 Sep 2016 17:29:59 -0400
To: Hugo Slabbert <hugo@slabnet.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


> On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <hugo@slabnet.com> wrote:
>
> Please tell me why I can't spoof source IPs on a stateless protocol
> like GRE. If he specifically meant you can't spoof a source, hit a
> reflector, and gain amplification, sure, but I see zero reason why GRE
> can't have spoofed source IPs. It bothered me sufficiently that I wrote
> up some spit-balling ideas about reflecting GRE using double
> encapsulation[2]. Very rough and untested, but apparently I got a bee in
> my bonnet...

my guess is the GRE traffic was harder to filter because many providers
use GRE to deliver ‘clean’ traffic back to origin sites.

- Jared
