[AusNOG] Why BCP38 is important

Mark Smith markzzzsmith at yahoo.com.au
Fri Nov 2 19:51:58 EST 2012


"Open DNS resolvers behind gigantic DDoS"
http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx


The article is a bit incorrect in concluding that the only cause is DNS
resolvers available to anybody; it is also because the hosts that are used
in the DDoS can spoof source addresses, causing the DNS resolver replies
to be sent instead to the DDoS attack victim.

If you're unfamiliar with BCP38, please read the following and then implement 
it to help prevent these sorts of attacks.

"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"
http://tools.ietf.org/html/bcp38


For ISPs, BCP38 will also prevent the "quota free tunnels" presented by Warren at this year's AusNOG:

"Using a lack of source address filtering to create 'quota-free' tunnels between collaborators"
http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf
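
Added example, not part of the original post: a small Python model of the BCP38 ingress check an edge router applies on each customer-facing port, forwarding a packet only if its source address lies inside a prefix assigned to that port. The interface names, prefixes (documentation ranges) and packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes assigned to each customer-facing interface
# (RFC 5737 / RFC 3849 documentation ranges, not real allocations).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}


def build_filter(assigned):
    """Parse each interface's prefix list once, as a router would compile an ACL."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}


def permit(filt, ifname, src):
    """BCP38 check: forward only if src lies within a prefix assigned to ifname."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # An interface with no assigned prefixes permits nothing.
    return any(addr.version == net.version and addr in net
               for net in filt.get(ifname, []))


def run(filt, packets):
    """Return (forwarded packets, per-interface drop counts) for (ifname, src, dst) tuples."""
    forwarded, dropped = [], Counter()
    for ifname, src, dst in packets:
        if permit(filt, ifname, src):
            forwarded.append((ifname, src, dst))
        else:
            dropped[ifname] += 1  # a rising count points at a spoofing host on that port
    return forwarded, dropped


# Constructed traffic toward a resolver at 203.0.113.53 (hypothetical address).
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.53"),          # legitimate query
    ("cust-a", "198.51.100.7", "203.0.113.53"),        # source belongs to cust-b: spoofed
    ("cust-a", "192.0.2.200", "203.0.113.53"),         # outside the /25 actually assigned
    ("cust-b", "198.51.100.7", "203.0.113.53"),        # legitimate query
    ("cust-a", "2001:db8:a::1", "2001:db8:ffff::53"),  # legitimate IPv6 query
    ("cust-b", "2001:db8:a::1", "2001:db8:ffff::53"),  # IPv6 source on the wrong port
]

if __name__ == "__main__":
    fwd, drop = run(build_filter(ASSIGNED), PACKETS)
    print(len(fwd), "forwarded;", dict(drop))
```

Because the spoofed queries are dropped at the first hop, the resolver never receives them and sends no reply to the address that was forged as the source.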