[192250] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Ronald F. Guilmette)
Sun Oct 23 18:23:51 2016
X-Original-To: nanog@nanog.org
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
cc: nanog@nanog.org
In-Reply-To: <580BF49C.5090209@vaxination.ca>
Date: Sun, 23 Oct 2016 15:23:48 -0700
Errors-To: nanog-bounces@nanog.org
In message <580BF49C.5090209@vaxination.ca>,
Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
>10s of millons of IP addresses. Is it realistic to have 10s of millions
>of infected devices ? Or is that the dense smoke that points to IP
>spoofing ?
I haven't read the latest up-to-the-minute reports on this event, but
I do suspect that Dyn knows the difference between UDP and TCP, and
my understanding is that the latter is a wee bit difficult to spoof
these days. Not impossible, perhaps, but quite tedious.
I don't think that Dyn would have come out and said "10 million" if
it was all easily spoofable UDP that they were getting. In that case,
they would either have said "we got a ton of spoofed traffic" or else,
if they felt like being publically lampooned, they would have estimated
the number of attacking IPs at three billion.
So, bottom line, if Dyn said "10 million" I suspect that they intended
to imply also "via TCP".
Regards,
rfg
