On Sat, 18 Jan 2003, Christopher L. Morrow wrote:

> > Eliminating spoofed addresses from the backbone, even if it were possible
> > to do 100%, would not eliminate denial of service attacks. The DDoS attacks
>
> This was precisely the point of Mr. Gill from AOL at the aforementioned
> NANOG meeting, I believe his quote goes something like: "The ip address
> used for the attack is orthogonal to the problem..." To me this makes
> perfect sense... People really do get stuck on the red herring of
> 'stopping all spoofing'. That isn't the problem, as you say below here it's
> trivial to use owned hosts by the thousands to attack with unspoofed
> addresses... Rob Thomas has some good data on attacks against IRC
> servers and other hosts on the internet, his data last I recall was
> something like 80% of attacks use spoofed addresses, though more and more
> his tracked attacks are showing from non-spoofed hosts. He can certainly
> jump in and correct me though :) I can speak authoritatively from the
> network I work on's perspective on this issue, more and more we have seen
> non-spoofed attacks. There are still plenty of spoofed attacks, but
> frankly we prefer that as it's MUCH easier to track and stop.
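To make the point above concrete, here is an added example (not from anyone in this thread) that simulates strict ingress source-address validation, the BCP38 / uRPF-style check behind "eliminating spoofed addresses from the backbone", over a constructed set of flow records. The interface names, prefixes (documentation ranges) and flow records are all made up; the forged-source flows are dropped, while the flood from compromised hosts using their real addresses passes the check untouched.

```python
"""Strict ingress source-address validation over constructed flow records:
spoofed sources are dropped, floods from owned hosts with real addresses are not."""
import ipaddress
from collections import Counter

# Constructed example: prefixes legitimately sourced behind each
# customer-facing interface (hypothetical names, documentation ranges).
INTERFACE_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed flow records: (ingress interface, source IP, label).
# 'attack' marks the flows an operator would want to stop.
FLOWS = [
    ("cust-a", "192.0.2.10", "legit"),
    ("cust-a", "203.0.113.7", "attack"),   # forged source, not behind cust-a
    ("cust-a", "203.0.113.8", "attack"),
    ("cust-b", "198.51.100.5", "attack"),  # owned host, real address
    ("cust-b", "198.51.100.6", "attack"),
    ("cust-b", "198.51.100.9", "legit"),
    ("cust-b", "10.0.0.1", "attack"),      # forged source, not behind cust-b
]

def source_is_valid(interface, src):
    """Strict check: the source must lie inside a prefix expected on that interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in INTERFACE_PREFIXES.get(interface, []))

def apply_ingress_filter(flows):
    """Return the flows that pass the check and a (label, outcome) tally."""
    passed = []
    tally = Counter()
    for iface, src, label in flows:
        if source_is_valid(iface, src):
            passed.append((iface, src, label))
            tally[(label, "passed")] += 1
        else:
            tally[(label, "dropped")] += 1
    return passed, tally

def attack_survival_rate(flows):
    """Fraction of attack flows that anti-spoofing alone cannot stop."""
    _, tally = apply_ingress_filter(flows)
    passed = tally[("attack", "passed")]
    total = passed + tally[("attack", "dropped")]
    return passed / total if total else 0.0
```

Running `attack_survival_rate(FLOWS)` on this constructed data gives 0.4: the three forged-source flows are dropped, but the two flows from owned hosts inside cust-b's own prefix are indistinguishable from legitimate traffic at the ingress check.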
You could partly get around this by blocking all 'SYN' packets going to your customers :-) Unless/until the kiddies start using UDP... messy.