[e2e] DDoS attack vs. Spoofing of Source Address
Joe Touch
touch at ISI.EDU
Thu Jan 19 12:23:27 PST 2006
John Kristoff wrote:
> On Thu, 19 Jan 2006 09:43:23 -0800
> Joe Touch <touch at ISI.EDU> wrote:
>
>> Further, no attacker would intentionally spoof bogons;
>
> Many DoS agents have had the ability to randomly fake the source
> address and of course they commonly come up with a "bogon".
Sure. That sounds more like a bug in their source address checking code,
IMO.
> Agents sometimes also have the capability to fake the source address
> within some variable length netmask. I guess if attackers really
> cared about the "quality" of their faked sources they probably
> wouldn't want use a bogon, but they don't really need to care as I
> mentioned earlier so sometimes you do see it.
They would care if they really cared about hiding; sourcing bogons is a
fairly clear indication that something is wrong - intentional or not.
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20060119/7741435c/signature.bin
More information about the end2end-interest
mailing list