[e2e] DDoS attack vs. Spoofing of Source Address

Joe Touch touch at ISI.EDU
Thu Jan 19 12:23:27 PST 2006



John Kristoff wrote:
> On Thu, 19 Jan 2006 09:43:23 -0800
> Joe Touch <touch at ISI.EDU> wrote:
> 
>> Further, no attacker would intentionally spoof bogons;
> 
> Many DoS agents have had the ability to randomly fake the source
> address and of course they commonly come up with a "bogon".

Sure. That sounds more like a bug in their source address checking code,
IMO.

> Agents sometimes also have the capability to fake the source address
> within some variable length netmask.  I guess if attackers really
> cared about the "quality" of their faked sources they probably
> wouldn't want use a bogon, but they don't really need to care as I
> mentioned earlier so sometimes you do see it.

They would care if they really cared about hiding; sourcing bogons is a
fairly clear indication that something is wrong - intentional or not.

Joe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20060119/7741435c/signature.bin


More information about the end2end-interest mailing list