[74713] in North American Network Operators' Group
Re: BCP38 making it work, solving problems
daemon@ATHENA.MIT.EDU (Patrick W Gilmore)
Tue Oct 12 13:19:01 2004
In-Reply-To: <BD91597F.BC71%bora@cisco.com>
Cc: Patrick W Gilmore <patrick@ianai.net>
From: Patrick W Gilmore <patrick@ianai.net>
Date: Tue, 12 Oct 2004 13:15:30 -0400
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:
> 2.3. For a DDoS attack to succeed more than once, the launch points
> must
> remain anonymous. Therefore, forged IP source addresses are used.
> From
> the victim's point of view, a DDoS attack seems to come from
> everywhere
> at once, even from many IP addresses that are unallocated or
> otherwise
> invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?
<raises hand>
Not saying that I have not see non-forged DoS attacks too, or even
which is more common, just saying they exist, are happening today, and
cause non-trivial problems for some providers.
From my _personal_ experience (not my company, not a scientific
sampling), it appears non-spoofed sources are a bigger problem. But
ignoring spoofed sources would be a mistake, IMHO.
--
TTFN,
patrick
