[93151] in North American Network Operators' Group

Re: BCP38 thread 93,871,738,435 + SPF

daemon@ATHENA.MIT.EDU (Douglas Otis)
Fri Oct 27 18:34:44 2006

In-Reply-To: <Pine.GSO.4.58.0610271702330.284@marvin.argfrp.us.uu.net>
Cc: nanog@merit.edu
From: Douglas Otis <dotis@mail-abuse.org>
Date: Fri, 27 Oct 2006 15:33:59 -0700
To: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
Errors-To: owner-nanog@merit.edu



On Oct 27, 2006, at 10:03 AM, Chris L. Morrow wrote:

>
> On Fri, 27 Oct 2006 Michael.Dillon@btradianz.com wrote:
>>
>> Or you could look at it as a weakness of SPF that should be used  
>> as a justification for discouraging its use. After all if we  
>> discourage botnets because they are DDoS enablers, shouldn't we  
>> discourage other DDoS enablers like SPF?
>
> under this assumption we should discourage user use of the  
> internet... :(
> anyway, please let's get back to the original discussion :)

As Steve already pointed out, BCP38 is not a complete solution.  Not  
only does SPF prevent the source of a Botnet attack from being  
detected, it also enables significantly greater amplification than  
might be achieved with a spoofed source DNS reflective attack.  In  
addition, the Botnet resources are not wasted, as their spam is still  
being delivered.  This aspect alone dangerously changes the costs  
related to such attacks.   It seems wholly imprudent not to consider  
SPF in the same discussion.

-Doug


