>>That paper is about reflection attacks. From what I've read, this was >>not a reflection attack. The IoT devices are infected with botware >>which sends attack traffic directly. Address spoofing is not particularly >>useful for controlling botnets. > >But that's not only remaining use of source address spoofing in direct >attacks, no? Even if reflection and amplification are not used, spoofing >can still be used for obfuscation.
I agree that it would be nice if more networks did ingress filtering, but if you're expecting a major decrease in evil, you will be disappointed. At this point it's mostly useful for identifying the guilty or negligent parties afterwards. R's, John
