Re: peering requirements (Re: DDOS anecdotes)

[Paul A Vixie <vixie () mfnx net>]

> But please don't forget that in this particular DDoS event
> there was no IP spoofing.
>
> So anti-spoofing precautions, either on administrative or technical
> level, would be useless in this case.
>
> And this case is not so untypical.

that doesn't matter to me.  i, and people i'm various close to, am attacked
several times daily.  sometimes in a hard way, sometimes in a soft way, but
almost always using spoofed addresses.  tracking these hop by hop using mac
addresses at exchange points only works if the stream is steady.  it's not.

> my .002$

i was not basing my recommendation for a general peering agreement upgrade
on any specific attack.  it's the pattern of attacks over the last decade
that's got me bugged.  any angry teenager with a $300 openbsd machine can
bring down any part of the internet they're angry at.  with impunity.