[93083] in North American Network Operators' Group
Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Oct 26 11:41:47 2006
In-Reply-To: <20061026093324.f56f7f5d.smb@cs.columbia.edu>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Thu, 26 Oct 2006 11:30:22 -0400
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:
> Put another way, anti-spoofing does three things: it makes reflector
> attacks harder, it makes it easier to use ACLs to block sources,
> and it
> helps people track down the bot and notify the admin. Are people
> actually
> successfully doing either of the latter two? I'd be surprised if
> there
> were much of either. That leaves reflector attacks. Are those
> that large
> a portion of the attacks people are seeing?
I disagree. As someone who has been attacked by spoof-source
packets, and not-spoof-source packed, I can say, from personal
experience, that the former is much, much easier to mitigate.
And, as I posted before, even if all universal adoption of BCP38
means is that DDoS attacks move to botnets with 100% real source IP
addresses, that would still be a Very Good Thing, IMHO.
But perhaps others feel differently. Or perhaps they just haven't
been attacked enough. :)
--
TTFN,
patrick
