[68260] in North American Network Operators' Group
Re: Source address validation (was Re: UUNet Offer New Protection
daemon@ATHENA.MIT.EDU (Paul Vixie)
Sun Mar 7 02:31:11 2004
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 07 Mar 2004 07:29:54 +0000
In-Reply-To: <Pine.GSO.4.58.0403070212071.8056@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
sean@donelan.com (Sean Donelan) writes:
> > Try saying that after running a major DDoS target, with "HIT ME" on your
> > forehead. No offense Sean but I'd like you to back your claim up with
> > some empirical data first.
>
> Has the number of DDOS attacks increased or decreased in the last few
> years as uRPF has become more widely deployed?

the number of spoofed-source attacks is down only-slightly.

> Do you have any evidence the number of attacks are decreasing?

the overall number of attacks and their volume seems to be decreasing
ever-so-slightly, but the ferocity of the attacks that come through seems
to be increasing more-than-slightly.

and, when defending against one of these, every valid source address is
worth its figurative weight in gold, and constitutes a minor compromise
for the attacker, even if the host it helps to identify is disposable,
easily replaced, and difficult to repair.

[ of course, sean, i could just be making that part up. but since i keep
saying it and since i get attacked pretty frequently, i might be telling
the truth. it could be worth assuming a little credibility and seeing
where that leads you. (but, we digress.) ]
--
Paul Vixie