North American Network Operators Group
Re: BCP38 thread 93,871,738,435 + SPF
- From: Gadi Evron
- Date: Sat Oct 28 01:57:04 2006
On Fri, 27 Oct 2006, Douglas Otis wrote:
> As Steve already pointed out, BCP38 is not a complete solution. Not
> only does SPF prevent the source of a Botnet attack from being
> detected, it also enables significantly greater amplification than
> might be achieved with a spoofed source DNS reflective attack. In
> addition, the Botnet resources are not wasted, as their spam is still
> being delivered. This aspect alone dangerously changes the costs
> related to such attacks. It seems wholly imprudent not to consider
> SPF in the same discussion.
>
> -Doug
Doug, I wonder, HOW do you intend / do track down the source of a botnet
attack? I know how I and others do it. There are three approaches which
fork everywhere on an expression tree.
If you believe SPF prevents you from doing it, can you elaborate how?