Re: Death of the Internet, Film at 11

["Ronald F. Guilmette" <rfg () tristatelogic com>]

In message <580BF49C.5090209 () vaxination ca>, 
Jean-Francois Mezei <jfmezei_nanog () vaxination ca> wrote:

> 10s of millons of IP addresses. Is it realistic to have 10s of millions
> of infected devices ? Or is that the dense smoke that points to IP
> spoofing ?

I haven't read the latest up-to-the-minute reports on this event, but
I do suspect that Dyn knows the difference between UDP and TCP, and
my understanding is that the latter is a wee bit difficult to spoof
these days.  Not impossible, perhaps, but quite tedious.

I don't think that Dyn would have come out and said "10 million" if
it was all easily spoofable UDP that they were getting.  In that case,
they would either have said "we got a ton of spoofed traffic" or else,
if they felt like being publically lampooned, they would have estimated
the number of attacking IPs at three billion.

So, bottom line, if Dyn said "10 million"  I suspect that they intended
to imply also "via TCP".


Regards,
rfg