Re: Death of the Internet, Film at 11

[Randy Bush <randy () psg com>]

> > Could mobile phones become a source of such attacks ?
>
> Depends both on the phone and on the network.  But since Dyn-style
> attacks don't use IP spoofing, it doesn't really matter.

J-F's question was not about ip spoofing, but rather the infected
devices being behind nats.  in the states, much broadband is not behind
a cgn, but is behind home nats.  more mobile is behind cgn [0].  cgns
mean fewer visible attacking source addresses.  it would be interesting
to see the home-soho vs cgn distribution of attacks such as krebs and
dyn.

> > If the number of infected devices in eastern USA is insufficient to
> > have caused that DDoS, can one infer that the attack used an actual
> > IP address instead of the anycast one in order to target the the
> > eastern USA hosts irrespective of the location of the infected
> > device?
>
> No.  Anycast addresses are real IP addresses.

true.

> There isn't a "real" address to attack.

usually false.  dns clusters have management interfaces.  i suspect the
congestion pattern attacking them would be different than that of attack
on the anycast; but that is conjecture.

randy

--

0 - to get an idea of the vast scale of cgn deployment see philipp's
    preso of our imc paper from ripe 75