On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:
Put another way, anti-spoofing does three things: it makes reflector
attacks harder, it makes it easier to use ACLs to block sources,
and it
helps people track down the bot and notify the admin. Are people
actually
successfully doing either of the latter two? I'd be surprised if
there
were much of either. That leaves reflector attacks. Are those
that large
a portion of the attacks people are seeing?
I disagree. As someone who has been attacked by spoof-source
packets, and not-spoof-source packed, I can say, from personal
experience, that the former is much, much easier to mitigate.
And, as I posted before, even if all universal adoption of BCP38
means is that DDoS attacks move to botnets with 100% real source IP
addresses, that would still be a Very Good Thing, IMHO.
But perhaps others feel differently. Or perhaps they just haven't
been attacked enough. :)
--
TTFN,
patrick