nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: Mark Andrews <marka () isc org>
Date: Tue, 27 Sep 2016 09:09:46 +1000
In message <20160926155649.14061.qmail () ary lan>, "John Levine" writes:
That paper is about reflection attacks. From what I've read, this was not a reflection attack. The IoT devices are infected with botware which sends attack traffic directly. Address spoofing is not particularly useful for controlling botnets.But that's not only remaining use of source address spoofing in direct attacks, no? Even if reflection and amplification are not used, spoofing can still be used for obfuscation.I agree that it would be nice if more networks did ingress filtering, but if you're expecting a major decrease in evil, you will be disappointed. At this point it's mostly useful for identifying the guilty or negligent parties afterwards. R's, John
Actually for ISP's that do it, it can becomes a source of intelligence on where the compromised / misconfigured machines are. A good ISP would be informing their customers that they are seeing anomalous traffic. With IPv6 there is likely to be more of this traffic visible as home NATs wont be masking it. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John R. Levine (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Livingood, Jason (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Christopher Morrow (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)