DDoS traffic coming from legit/botted sources that is not spoofed is not DDoS
amplification. DDoS amplification requires spoofing. If everyone did
BCP38/84, there would be no DDoS amplification attacks.
-Rich
On 10/4/22, 1:14 PM, "NANOG on behalf of Robert Blayzor via NANOG"
<nanog-bounces+rich.compton=charter....@nanog.org on behalf of nanog@nanog.org>
wrote:
CAUTION: The e-mail below is from an external source. Please exercise
caution before opening attachments, clicking links, or following guidance.
On 10/4/22 09:19, Mike Hammett wrote:
> Sorta like in the IP world, if everyone did BCP38/84, amplification
> attacks wouldn't exist. Not everyone does, so...
Wouldn't exist? Maybe only in part, BCP38/84 does nothing for a majority
of DDoS amp attacks. Most traffic is coming from legit/botted sources.
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://pgp.inoc.net/rblayzor/
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for
the addressee(s) and may contain confidential and/or legally privileged
information. If you are not the intended recipient of this message or if this
message has been addressed to you in error, please immediately alert the sender
by reply e-mail and then delete this message and any attachments. If you are
not the intended recipient, you are notified that any use, dissemination,
distribution, copying, or storage of this message or any attachment is strictly
prohibited.
