[93122] in North American Network Operators' Group
Re: register.com down sev0?
daemon@ATHENA.MIT.EDU (Gadi Evron)
Fri Oct 27 00:48:36 2006
Date: Thu, 26 Oct 2006 23:46:32 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
Cc: Randy Bush <randy@psg.com>, Fergie <fergdawg@netzero.net>,
nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0610262107500.284@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu

On Thu, 26 Oct 2006, Chris L. Morrow wrote:
>
> On Wed, 25 Oct 2006, Randy Bush wrote:
> > > I don't want to detract from the heat of this discussion, as
> > > important as it is, but it (the discussion) illustrates a point
> > > that RIPE has recognized -- and is actively perusing -- yet, ISPs
> > > on this continent seem consistently to ignore: The consistent
> > > implementation of BCP 38.
> >
> > oh? you have knowledge that this botnet attack used spoofed source
> > addresses?
>
> what's curious, to me at least, is that folks equate 'botnet' and 'spoofed
> source attacks' more often than I'd think is reasonable. I've not got
> 'hard numbers' but almost every time the attack is determined to be
> 'botnet' it's not spoofed.
>
> Odd... (not that I'm against bcp38, I just think the distraction in
> conversation from 'bcp38 is good' to 'we must stop bots' is not helpful)
>
SAT time.
Almost all spoofed attacks are run by botnets.
Almost all attacks are run by botnets.
Almost all spoofed attacks are bigger by a large factor.
Almost all botnet attacks are spoofed attacks? Not quite.
That's about it.