I would say that because backdoored hosts are easily available in large quantities, spoofing does not make sense and usually alarms various systems more quickly than packets from legitimate addresses.
Pete ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Rob Thomas" <[EMAIL PROTECTED]> Cc: "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, July 31, 2003 4:17 PM Subject: Re: WANTED: ISPs with DDoS defense solutions > > On Wed, 30 Jul 2003, Rob Thomas wrote: > > > I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number, > > only 32 used spoofed sources. I rarely see spoofed attacks now. > > Do you have any ideas as to why that is? Is it due to more providers > doing source filtering? It wouldn't make sense for attackers to become > less sophisticated unless they became more difficult to catch for other > reasons (e.g. botnets getting bigger). > > Rich > >
