[192306] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Oct 25 00:25:59 2016
X-Original-To: nanog@nanog.org
Date: Tue, 25 Oct 2016 11:30:34 +0900
From: Randy Bush <randy@psg.com>
To: "John Levine" <johnl@iecc.com>
In-Reply-To: <20161024124028.2180.qmail@ary.lan>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
>> Could mobile phones become a source of such attacks ?
>
> Depends both on the phone and on the network. But since Dyn-style
> attacks don't use IP spoofing, it doesn't really matter.

J-F's question was not about ip spoofing, but rather the infected
devices being behind nats. in the states, much broadband is not behind
a cgn, but is behind home nats. more mobile is behind cgn [0]. cgns
mean fewer visible attacking source addresses. it would be interesting
to see the home-soho vs cgn distribution of attacks such as krebs and
dyn.

>> If the number of infected devices in eastern USA is insufficient to
>> have caused that DDoS, can one infer that the attack used an actual
>> IP address instead of the anycast one in order to target the
>> eastern USA hosts irrespective of the location of the infected
>> device?
>
> No. Anycast addresses are real IP addresses.

true.

> There isn't a "real" address to attack.

usually false. dns clusters have management interfaces. i suspect the
congestion pattern attacking them would be different than that of attack
on the anycast; but that is conjecture.

randy
--
0 - to get an idea of the vast scale of cgn deployment see philipp's
preso of our imc paper from ripe 75