North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: peering requirements (Re: DDOS anecdotes)
- From: Paul A Vixie
- Date: Tue Jun 26 15:33:43 2001
> But please don't forget that in this particular DDoS event
> there was no IP spoofing.
> So anti-spoofing precautions, either on administrative or technical
> level, would be useless in this case.
> And this case is not so untypical.
that doesn't matter to me. i, and people i'm various close to, am attacked
several times daily. sometimes in a hard way, sometimes in a soft way, but
almost always using spoofed addresses. tracking these hop by hop using mac
addresses at exchange points only works if the stream is steady. it's not.
> my .002$
i was not basing my recommendation for a general peering agreement upgrade
on any specific attack. it's the pattern of attacks over the last decade
that's got me bugged. any angry teenager with a $300 openbsd machine can
bring down any part of the internet they're angry at. with impunity.