>Dumb question: > >If some camera, vaccum cleaner, toothbrush or refrigirator is behind >NAT, can it do IP spoofing ? Won't the "from" address be replaced by >the CPE router with the proper IP address assigned to that customer so >that on the Internet itself, that packet will travel with a real IP >routable back to the CPE ?
Depends on the way the NAT box works. But since Dyn-style attacks don't use IP spoofing, it doesn't really matter. >Could mobile phones become a source of such attacks ? Depends both on the phone and on the network. But since Dyn-style attacks don't use IP spoofing, it doesn't really matter. >If the number of infected devices in eastern USA is insufficient to have >caused that DDoS, can one infer that the attack used an actual IP >address instead of the anycast one in order to target the the eastern USA >hosts irrespective of the location of the infected device ? No. Anycast addresses are real IP addresses. There isn't a "real" address to attack. R's, John