nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BCP38 making it work, solving problems

From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Tue, 12 Oct 2004 17:16:25 +0000 (GMT)


On Tue, 12 Oct 2004, Bora Akyol wrote:


Excerpt from the text quoted above:

   2.3. For a DDoS attack to succeed more than once, the launch points must
   remain anonymous.  Therefore, forged IP source addresses are used.  From
   the victim's point of view, a DDoS attack seems to come from everywhere
   at once, even from many IP addresses that are unallocated or otherwise
   invalid.

How many people have seen "forged" spoofed IP addresses being used
for DOS attacks lately?


it does still happen... I've not run the numbers for our reactions to say
'50% spoofed/50% non-spoofed' but it certainly seems like 'more' are
non-spoofed lately. This could be a simple swing of the pendulum, or other
'better' things like more people egress filtering.

-Chris
Previous By Date Next
Previous By Thread Next

Current thread: