nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

From: Jared Mauch <jared () puck nether net>
Date: Fri, 23 Sep 2016 17:29:59 -0400

On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <hugo () slabnet com> wrote:

Please tell me why I can't spoof source IPs on a stateless protocol like GRE. If he specifically meant you can't 
spoof a source, hit a reflector, and gain amplification, sure, but I see zero reason why GRE can't have spoofed 
source IPs. It bothered me sufficiently that I wrote up some spit-balling ideas about reflecting GRE using double 
encapsulation[2]. Very rough and untested, but apparently I got a bee in my bonnet...


my guess is the GRE traffic was harder to filter because many providers use GRE to deliver ‘clean’ traffic back to 
origin sites.

- Jared

Current thread:

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mel Beckman (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Simon Lockhart (Sep 23)
- RE: Krebs on Security booted off Akamai network after DDoS attack proves pricey Justin Krejci (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Patrick W. Gilmore (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Rubens Kuhl (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey DaKnOb (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Seth Mattinen (Sep 23)
  - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Sven-Haegar Koch (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jared Mauch (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mel Beckman (Sep 23)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jared Mauch (Sep 23)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Brandon Butterworth (Sep 25)
  - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey jim deleskie (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Brandon Butterworth (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Alexander Maassen (Sep 27)