In message <fb329d818c7cab438f0c7dd772ea102506246...@tk5ex14mbxc252.redmond.cor p.microsoft.com>, Dmitry Anipko writes: > In such an attack, is the attacker on the path between the victim and the ser > ver? If yes, there are more efficient ways how they can DoS the victim. If no > , how does the attacker know which of the billions hosts on the Internet will > be talking to this DNS server in the next second (in order to send packets w > ith fake source address to that particular victim host)? > > Separately from that, how often network operators deploy egress filtering, th > at drops packets from malicious hosts sent with fake source addresses?
Well we know enough of them don't for reflection amplicifation attacks to be a be a problem. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------