nanog mailing list archives

Re: DDoS attacks, spoofed source addresses and adjusted TTLs

From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Wed, 03 Aug 2005 21:22:51 +0000 (GMT)



On Wed, 3 Aug 2005, Mike Tancsa wrote:

At 04:55 PM 03/08/2005, Christopher L. Morrow wrote:

hops away, the TTL of the packet when it got to me was 56).  Yes, I know
those could be adjusted in theory to mask multiple sources, but in practice
has anyone seen that ?


what exactly was the question?


You answered it mostly-- what do people see in the real world-- plain jane


oh phew :)

dropped before they leave my network). Have that many networks implemented
RPF as to make spoofed addresses moot ?


probably not :( reference the MIT spoofer project:
paper ->
http://www.mit.edu/~rbeverly/papers/spoofer-sruit05.html
nanog preso ->
http://www.nanog.org/mtg-0505/beverly.html

project-homepage: http://spoofer.csail.mit.edu.

probably simpler to just get bots than spoof.

Current thread:

DDoS attacks, spoofed source addresses and adjusted TTLs Mike Tancsa (Aug 03)
- Re: DDoS attacks, spoofed source addresses and adjusted TTLs Christopher L. Morrow (Aug 03)
  - Re: DDoS attacks, spoofed source addresses and adjusted TTLs Mike Tancsa (Aug 03)
    - Re: DDoS attacks, spoofed source addresses and adjusted TTLs Christopher L. Morrow (Aug 03)