"Stephen J. Wilcox" wrote:
> You are making assumptions.. Cisco havent said if the source was spoofed or not,
> as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate windows
> boxes to not care about discovery of source.
Interesting. I read (and just now reread) Mr. dobbins posting and made
the same assumptions, based on the part where he said:
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-
~~~~~~~
flooding towards www.cisco.com (198.133.219.25/32) as well
as an HTTP-AUTH resource-exhaustion attack, and working these
issues with our upstreams.
I made the assupmtion that if the upstreams had an interest in cisco's
survival beyond the end-of-quarter numbers they would do something
useful.
Strange how we leap to these shaky conclusions.
