North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: down sev0?

  • From: Gadi Evron
  • Date: Fri Oct 27 00:49:30 2006

On Thu, 26 Oct 2006, Chris L. Morrow wrote:
> On Wed, 25 Oct 2006, Randy Bush wrote:
> > > I don't want to detract from the heat of this discussion, as
> > > important as it is, but it (the discussion) illustrates a point
> > > that RIPE has recognized -- and is actively perusing -- yet, ISPs
> > > on this continent seem consistently to ignore: The consistent
> > > implementation of BCP 38.
> >
> > oh?  you have knowledge that this botnet attack used spoofed source
> > addresses?
> what's curious, to me atleat, is that folks equate 'botnet' and 'spoofed
> source attacks' more often than I'd think is reasonable. I've not got
> 'hard numbers' but almost every time the attack is determined to be
> 'botnet' it's not spoofed.
> Odd... (not that I'm against bcp38, I just think the distraction in
> conversation from 'bcp38 is good' to 'we must stop bots' is not helpful)

SAT time.

Almost all spoofed attacks are run by botnets.
Almost all attacks are run by botnets
Almost all spoofed attacked are bigger by a large factor

Almost all botnet attacks are spoofed attacks? Not quite.

That's about it.