nanog mailing list archives
Re: BCP38 thread 93,871,738,435 + SPF
From: Douglas Otis <dotis () mail-abuse org>
Date: Sun, 29 Oct 2006 09:28:39 -0800
On Sun, 2006-10-29 at 09:40 -0600, Gadi Evron wrote:
On Sun, 29 Oct 2006, Douglas Otis wrote:How would you identify and quell an SPF attack in progress?Okay, now I understand. You speak of an attack specifically utilizing SPF, not of how SPF relates to botnets or attack traceback. The same could be said for web servers, databases behind them, DNS-SEC crypto calculations, etc.
The described indirect SPF attack does not utilize packet source spoofing, and yet may achieve amplifications greater than 1000:1. The resources to stage an SPF attack would be the ever present spam, where about 70% this is coming from Botnets. In the case of spam related SPF, the attack itself can be virtually free. While also consuming an attacker's resources, a DNS reflective attack with spoofed source packets represents a far lower impact when compared to the SPF attack. SPF represents a grave danger without means for mitigation. The same can not be said for these other protocols. -Doug
Current thread:
- Re: BCP38 thread 93,871,738,435, (continued)
- Re: BCP38 thread 93,871,738,435 Steven M. Bellovin (Oct 26)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 26)
- Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Randy Bush (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Florian Weimer (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Patrick W. Gilmore (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Don (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) william(at)elan.net (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Michael Painter (Oct 26)