nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

From: "John Levine" <johnl () iecc com>
Date: 26 Sep 2016 15:56:49 -0000

That paper is about reflection attacks.  From what I've read, this was 
not a reflection attack.  The IoT devices are infected with botware 
which sends attack traffic directly.  Address spoofing is not particularly 
useful for controlling botnets.


But that's not only remaining use of source address spoofing in direct 
attacks, no?  Even if reflection and amplification are not used, spoofing 
can still be used for obfuscation.


I agree that it would be nice if more networks did ingress filtering,
but if you're expecting a major decrease in evil, you will be
disappointed.

At this point it's mostly useful for identifying the guilty or
negligent parties afterwards.

R's,
John

Current thread:

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- - - Message not available
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Kristoff (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John R. Levine (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 25)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Livingood, Jason (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Christopher Morrow (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)
    - Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)

(Thread continues...)