[AusNOG] Why BCP38 is important

[Mark Smith]

The blog post by Cloudflare is better than the article (haven't heard the term "smurf attack" in years!)

http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack



>________________________________
> From: Joshua D'Alton <joshua at railgun.com.au>
>To: "ausnog at ausnog.net" <ausnog at ausnog.net> 
>Sent: Friday, 2 November 2012 8:01 PM
>Subject: Re: [AusNOG] Why BCP38 is important
> 
>
>Very informative post, quota free tunnels is also very interesting, I've always been on the lookout for 'clever' things like this or DNS tunneling :D
>
>
>On Fri, Nov 2, 2012 at 7:51 PM, Mark Smith <markzzzsmith at yahoo.com.au> wrote:
>
>"Open DNS resolvers behind gigantic DDoS"
>>http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx
>>
>>
>>The article is a bit incorrect in concluding that the only cause is DNS
>>resolvers available to anybody, it is also because the hosts that are used
>>in the DDoS can spoof source addresses, causing the DNS resolver replies
>>to be sent instead to DDoS attack victim.
>>
>>If you're unfamiliar with BCP38, please read the following and then implement 
>>it to help prevent these sorts of attacks.
>>
>>"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"
>>http://tools.ietf.org/html/bcp38
>>
>>
>>For ISPs, BCP38 will also prevent the "quota free tunnels" presented by Warren at this year's Ausnog:
>>
>> Using a lack of source address filtering to create 'quota-free' tunnels between collaborators
>>http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf
>>
>>_______________________________________________
>>AusNOG mailing list
>>AusNOG at lists.ausnog.net
>>http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>_______________________________________________
>AusNOG mailing list
>AusNOG at lists.ausnog.net
>http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>