[74714] in North American Network Operators' Group


Re: BCP38 making it work, solving problems

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Oct 12 13:24:37 2004

Date: Tue, 12 Oct 2004 17:16:25 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <BD91597F.BC71%bora@cisco.com>
To: Bora Akyol <bora@cisco.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, 12 Oct 2004, Bora Akyol wrote:

> Excerpt from the text quoted above:
>
>    2.3. For a DDoS attack to succeed more than once, the launch points must
>    remain anonymous.  Therefore, forged IP source addresses are used.  From
>    the victim's point of view, a DDoS attack seems to come from everywhere
>    at once, even from many IP addresses that are unallocated or otherwise
>    invalid.
>
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?

It does still happen... I've not run the numbers for our reactions to say
'50% spoofed/50% non-spoofed' but it certainly seems like 'more' are
non-spoofed lately. This could be a simple swing of the pendulum, or other
'better' things like more people egress filtering.

-Chris
