[AusNOG] Why BCP38 is important

Mark Smith markzzzsmith at yahoo.com.au
Sat Nov 3 09:38:42 EST 2012


>________________________________
> From: Joshua D'Alton <joshua at railgun.com.au>
>To: Jarryd Sullivan <Jarryd.Sullivan at area9.com.au> 
>Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net> 
>Sent: Friday, 2 November 2012 8:29 PM
>Subject: Re: [AusNOG] Why BCP38 is important
> 
>
>That is the same attack vector yes, although obviously not specifically targeted to one site.
>
>
>The funny thing is how those guys don't seem to understand Anycast and that their attack will do bugger all especially with about 4 layers of DNS caching after the root servers. facepalm.
>

Anonymous don't seem to be aware of BCP38, which would have mitigated a lot of their attack; however, that also demonstrates why BCP38 is a must to implement.

>

>On Fri, Nov 2, 2012 at 8:26 PM, Jarryd Sullivan <Jarryd.Sullivan at area9.com.au> wrote:
>
>>I came across this a while ago, and when I read about the attack in the article it reminded me of it... Excuse me for not completely understanding it, but I believe what is described in this link is pretty much what happened?
>>
>>http://pastebin.com/NKbnh8q8
>>
>>Excuse the disclaimer; it's appended automatically.
>>________________________________________
>>From: ausnog-bounces at lists.ausnog.net [ausnog-bounces at lists.ausnog.net] on behalf of Mark Smith [markzzzsmith at yahoo.com.au]
>>Sent: Friday, November 02, 2012 6:21 PM
>>To: ausnog at ausnog.net
>>Subject: [AusNOG] Why BCP38 is important
>>
>>
>>"Open DNS resolvers behind gigantic DDoS"
>>http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx
>>
>>
>>The article is a bit incorrect in concluding that the only cause is DNS
>>resolvers available to anybody; it is also because the hosts that are used
>>in the DDoS can spoof source addresses, causing the DNS resolver replies
>>to be sent instead to the DDoS attack victim.
>>
>>If you're unfamiliar with BCP38, please read the following and then implement
>>it to help prevent these sorts of attacks.
>>
>>"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"
>>http://tools.ietf.org/html/bcp38
>>
>>
>>For ISPs, BCP38 will also prevent the "quota free tunnels" presented by Warren at this year's AusNOG:
>>
>> Using a lack of source address filtering to create 'quota-free' tunnels between collaborators
>>http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf
>>
>>_______________________________________________
>>AusNOG mailing list
>>AusNOG at lists.ausnog.net
>>http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
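
The source-address check that BCP38 asks a provider to apply at its customer edge, modelled here as an added example that is not part of the original thread or of any router's code. The interface names, prefixes and packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Hypothetical customer-facing interfaces mapped to the prefixes assigned to
# each customer (constructed values from documentation address ranges).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}


def build_filter(assigned):
    """Parse prefix strings into ip_network objects, keyed by interface."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}


def ingress_permits(filt, ifname, src):
    """True only if src lies inside a prefix assigned to ifname (fail closed)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    return any(addr.version == net.version and addr in net
               for net in filt.get(ifname, []))  # unknown interface: drop


def audit(filt, packets):
    """Split (ifname, src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        keep = ingress_permits(filt, pkt[0], pkt[1])
        (forwarded if keep else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample: DNS queries arriving on customer interfaces.
# 203.0.113.10 stands in for a third party whose address is being forged.
SAMPLE = [
    ("cust-a", "192.0.2.17", "198.51.100.53"),      # genuine customer source
    ("cust-a", "203.0.113.10", "198.51.100.53"),    # forged source
    ("cust-b", "192.0.2.17", "203.0.113.53"),       # another customer's prefix
    ("cust-a", "2001:db8:a::1", "2001:db8:f::53"),  # genuine IPv6 source
    ("cust-a", "192.0.2.200", "198.51.100.53"),     # outside the assigned /25
]

if __name__ == "__main__":
    forwarded, dropped = audit(build_filter(ASSIGNED), SAMPLE)
    print("forwarded:", forwarded)
    print("dropped:  ", dropped)
```

With the forged-source queries dropped at the customer edge, the resolver never sees them, so no reply is sent to the address that was being impersonated.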


