Re: register.com down sev0?

[Gadi Evron <ge () linuxbox org>]

On Thu, 26 Oct 2006, Randy Bush wrote:
> > I don't think I implied anything of the sort.
>
> ahhh, but you did.
>
> > > > I don't want to detract from the heat of this discussion, as
> > > > important as it is, but it (the discussion) illustrates a point
> > > > that RIPE has recognized -- and is actively perusing -- yet, ISPs
> > > > on this continent seem consistently to ignore: The consistent
> > > > implementation of BCP 38.
> >
> > oh?  you have knowledge that this botnet attack used spoofed source
> > addresses?
>
> if the register.com botnet attack was not from spoofed addresses,
> then bcp 38 would not have helped.
>
> the case for which we know bcp 38 is useful, is the dns reflector
> attack.  so far, botnets seem to have no need to spoof, they just
> overwhelm you with zombies from real space.

And yet they do anyway.

Before the "reflector attacks" run at the beginning of this year, you
stated you do not see the need to deal with spoofing, as it is not
something being exploited.

It is being exploited, let's deal with it.

        Gadi.

> randy