[93160] in North American Network Operators' Group
Re: BCP38 thread 93,871,738,435 + SPF
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Oct 28 01:55:44 2006
Date: Sat, 28 Oct 2006 00:52:37 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: Douglas Otis <dotis@mail-abuse.org>
Cc: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>, nanog@merit.edu
In-Reply-To: <3A63A74B-44E7-41AD-B2B5-EA38F4D53FDC@mail-abuse.org>
Errors-To: owner-nanog@merit.edu

On Fri, 27 Oct 2006, Douglas Otis wrote:
> As Steve already pointed out, BCP38 is not a complete solution. Not
> only does SPF prevent the source of a Botnet attack from being
> detected, it also enables significantly greater amplification than
> might be achieved with a spoofed source DNS reflective attack. In
> addition, the Botnet resources are not wasted, as their spam is still
> being delivered. This aspect alone dangerously changes the costs
> related to such attacks. It seems wholly imprudent not to consider
> SPF in the same discussion.
>
> -Doug

Doug, I wonder, HOW do you intend / do track down the source of a botnet
attack? I know how I and others do it. There are three approaches which
fork everywhere on an expression tree.

If you believe SPF prevents you from doing it, can you elaborate how?