North American Network Operators Group

Re: BCP38 making it work, solving problems

  • From: Christopher L. Morrow
  • Date: Tue Oct 12 13:28:39 2004

On Tue, 12 Oct 2004, Bora Akyol wrote:

> Excerpt from the text quoted above:
>    2.3. For a DDoS attack to succeed more than once, the launch points must
>    remain anonymous.  Therefore, forged IP source addresses are used.  From
>    the victim's point of view, a DDoS attack seems to come from everywhere
>    at once, even from many IP addresses that are unallocated or otherwise
>    invalid.
> How many people have seen "forged" spoofed IP addresses being used
> for DOS attacks lately?

It does still happen... I've not run the numbers for our reactions to say
'50% spoofed/50% non-spoofed' but it certainly seems like 'more' are
non-spoofed lately. This could be a simple swing of the pendulum, or other
'better' things like more people egress filtering.