North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: register.com down sev0?
>> the case for which we know bcp 38 is useful, is the dns reflector >> attack. so far, botnets seem to have no need to spoof, they just >> overwhelm you with zombies from real space. > > Incorrect. > > While that is one mode of attack from a botnet, it is not the only > mode. And there are reasons for even botnets to spoof source > addresses. And reasons that the attack-ee would prefer they did not. > > Randy, are you REALLY arguing -against- BCP38? Or just yanking > Fergie's chain 'cause it wouldn't have helped in this particular > instance? i merely said that using this particular attack to launch yet another bcp38 religious dos against the nanog list was bogus. have we learned one new thing from the last day's oratory? personally, i long ago implemented spoofing blocking in all places i have been able to do so. but i am not foolish enough to believe that religious ranting on mailing lists is gonna change anyone from doing what makes business sense for their network. and, as spoofed attacks other than the dns reflector seem to have been rare, that perceived interest in anti-spoofing blocks is low when compared to other priorities in these hard times. i think we have converted those who were convertable and the rest watch the religious zealotry and scratch their heads. randy