North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: BCP38 making it work, solving problems
- From: Patrick W Gilmore
- Date: Tue Oct 12 13:27:45 2004
On Oct 12, 2004, at 12:50 PM, Bora Akyol wrote:
2.3. For a DDoS attack to succeed more than once, the launch points
must
remain anonymous. Therefore, forged IP source addresses are used.
From
the victim's point of view, a DDoS attack seems to come from
everywhere
at once, even from many IP addresses that are unallocated or
otherwise
invalid.
How many people have seen "forged" spoofed IP addresses being used
for DOS attacks lately?
<raises hand>
Not saying that I have not see non-forged DoS attacks too, or even
which is more common, just saying they exist, are happening today, and
cause non-trivial problems for some providers.
From my _personal_ experience (not my company, not a scientific
sampling), it appears non-spoofed sources are a bigger problem. But
ignoring spoofed sources would be a mistake, IMHO.
--
TTFN,
patrick
|
