nanog mailing list archives
Re: DDoS attacks, spoofed source addresses and adjusted TTLs
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Wed, 03 Aug 2005 21:22:51 +0000 (GMT)
On Wed, 3 Aug 2005, Mike Tancsa wrote:
At 04:55 PM 03/08/2005, Christopher L. Morrow wrote:hops away, the TTL of the packet when it got to me was 56). Yes, I know those could be adjusted in theory to mask multiple sources, but in practice has anyone seen that ?what exactly was the question?You answered it mostly-- what do people see in the real world-- plain jane
oh phew :)
dropped before they leave my network). Have that many networks implemented RPF as to make spoofed addresses moot ?
probably not :( reference the MIT spoofer project: paper -> http://www.mit.edu/~rbeverly/papers/spoofer-sruit05.html nanog preso -> http://www.nanog.org/mtg-0505/beverly.html project-homepage: http://spoofer.csail.mit.edu. probably simpler to just get bots than spoof.
Current thread:
- DDoS attacks, spoofed source addresses and adjusted TTLs Mike Tancsa (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Christopher L. Morrow (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Mike Tancsa (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Christopher L. Morrow (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Mike Tancsa (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Christopher L. Morrow (Aug 03)