nanog mailing list archives
Re: BCP38 thread 93,871,738,435 + SPF
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 28 Oct 2006 00:52:37 -0500 (CDT)
On Fri, 27 Oct 2006, Douglas Otis wrote:
As Steve already pointed out, BCP38 is not a complete solution. Not only does SPF prevent the source of a Botnet attack from being detected, it also enables significantly greater amplification than might be achieved with a spoofed source DNS reflective attack. In addition, the Botnet resources are not wasted, as their spam is still being delivered. This aspect alone dangerously changes the costs related to such attacks. It seems wholly imprudent not to consider SPF in the same discussion. -Doug
Doug, I wonder, HOW do you intend / do track down the source of a botnet attack? I know how I and others do it. There are three approaches which fork everywhere on an expression tree. If you believe SPF prevents you from doing it, can you elaborate how?
Current thread:
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?), (continued)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Per Heldal (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Steven M. Bellovin (Oct 26)
- Re: BCP38 thread 93,871,738,435 Florian Weimer (Oct 26)
- Re: BCP38 thread 93,871,738,435 Steven M. Bellovin (Oct 26)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 26)
- Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Michael . Dillon (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Chris L. Morrow (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Randy Bush (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Florian Weimer (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Patrick W. Gilmore (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Don (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) william(at)elan.net (Oct 26)