nanog mailing list archives

Re: BCP38 thread 93,871,738,435 + SPF

From: Gadi Evron <ge () linuxbox org>
Date: Sat, 28 Oct 2006 00:52:37 -0500 (CDT)


On Fri, 27 Oct 2006, Douglas Otis wrote:

As Steve already pointed out, BCP38 is not a complete solution.  Not  
only does SPF prevent the source of a Botnet attack from being  
detected, it also enables significantly greater amplification than  
might be achieved with a spoofed source DNS reflective attack.  In  
addition, the Botnet resources are not wasted, as their spam is still  
being delivered.  This aspect alone dangerously changes the costs  
related to such attacks.   It seems wholly imprudent not to consider  
SPF in the same discussion.

-Doug


Doug, I wonder, HOW do you intend / do track down the source of a botnet
attack? I know how I and others do it. There are three approaches which
fork everywhere on an expression tree.

If you believe SPF prevents you from doing it, can you elaborate how?

Current thread:

Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?), (continued)
- - Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Per Heldal (Oct 26)
  - Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Steven M. Bellovin (Oct 26)
    - Re: BCP38 thread 93,871,738,435 Florian Weimer (Oct 26)
    - Re: BCP38 thread 93,871,738,435 Steven M. Bellovin (Oct 26)
    - Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 26)
    - Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
    - Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
    - Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
    - Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
    - Re: BCP38 thread 93,871,738,435 + SPF Randy Bush (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Florian Weimer (Oct 27)
    - Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
    - Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Patrick W. Gilmore (Oct 26)
    - Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Don (Oct 26)
    - Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) william(at)elan.net (Oct 26)

(Thread continues...)