[74710] in North American Network Operators' Group
Re: BCP38 making it work, solving problems
daemon@ATHENA.MIT.EDU (Bora Akyol)
Tue Oct 12 12:51:36 2004
Date: Tue, 12 Oct 2004 09:50:55 -0700
From: Bora Akyol <bora@cisco.com>
To: <nanog@merit.edu>
In-Reply-To: <g31xg3q5tx.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu

On 10/12/04 9:06 AM, "Paul Vixie" <vixie@vix.com> wrote:
>
>> There is, of course, the issue of multihomed networks, or networks that
>> have satellite connectivity etc emitting spoofed source packets.
>
> y'know, SAC004 (http://www.icann.org/committees/security/sac004.txt) is
> only four pages long, and one of those is references. you should read it
> before you call multihomed networks an "issue" wrt BCP38 deployment. in
> fact, you should read it, and BCP38, and BCP84, before participating in
> this discussion at all, either here, or at the bar-bofs next week.

Excerpt from the text quoted above:

2.3. For a DDoS attack to succeed more than once, the launch points must
remain anonymous. Therefore, forged IP source addresses are used. From
the victim's point of view, a DDoS attack seems to come from everywhere
at once, even from many IP addresses that are unallocated or otherwise
invalid.

How many people have seen "forged" spoofed IP addresses being used
for DOS attacks lately?

Bora