[AusNOG] Why BCP38 is important

Tom Paseka tom at cloudflare.com
Sat Nov 3 10:16:01 EST 2012


The Anonymous attack was relying on people spoofing from their own
machines/desktops/home connections. Networks following BCP38 will have
dealt with a large amount of the traffic, as will have people being
behind NAT devices.

With the attacks CloudFlare is seeing, the sources are likely to
originate from within hosting networks (obviously not running source
filtering) and close to lots of bandwidth.  The amplification method,
while giving great amplification, still needs the host(s) doing the
spoofing / making the queries to have multiple gigs of capacity.

On a side note, any operators interested in cleaning up open
resolvers in their networks can ping me and I'll be able to share a
list of open recursors in your network that can be cleaned up.

Cheers,
Tom
CloudFlare


On Fri, Nov 2, 2012 at 3:42 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
>
> On Nov 3, 2012, at 5:38 AM, Mark Smith wrote:
>
> > Anonymous don't seem to be aware of BCP38, which would have mitigated a lot of their attack, however that also demonstrates why BCP38 is a must to implement.
>
> Most attackers know very little if anything about TCP/IP . . . and yet, the servers/apps/services/infrastructure which have been deployed are so fragile, brittle, non-scalable, and anemic that their attacks succeed, anyways.
>
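
The source-address validation that BCP38 calls for, as an added example that is not part of the original thread: each flow's source address is checked against the prefixes assigned to the interface it arrived on, and anything else is counted as a drop. The interface names, prefixes (documentation ranges) and flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed data (hypothetical names, documentation prefixes): interface -> assigned prefixes.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed flow records: (ingress interface, source IP, destination IP).
FLOWS = [
    ("cust-a", "192.0.2.10", "203.0.113.53"),       # source inside cust-a
    ("cust-a", "203.0.113.99", "198.51.100.7"),     # source not assigned to cust-a
    ("cust-a", "2001:db8:a::5", "2001:db8:f::53"),  # IPv6 source inside cust-a
    ("cust-b", "192.0.2.200", "203.0.113.53"),      # source not assigned to cust-b
    ("cust-b", "198.51.100.77", "203.0.113.53"),    # source inside cust-b
    ("cust-b", "not-an-ip", "203.0.113.53"),        # malformed record
]


def source_is_valid(table, ifname, src):
    """True if src lies in a prefix assigned to the ingress interface.
    Unknown interfaces and unparsable addresses fail closed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in table.get(ifname, []))


def spoofed_flows(assigned, flows):
    """Flows that a per-interface source filter would drop."""
    # Parse the prefix strings once, keyed by interface.
    table = {ifname: [ipaddress.ip_network(p) for p in prefixes]
             for ifname, prefixes in assigned.items()}
    return [f for f in flows if not source_is_valid(table, f[0], f[1])]


def drops_per_interface(assigned, flows):
    """Count dropped flows per interface to show where spoofing enters."""
    return Counter(f[0] for f in spoofed_flows(assigned, flows))


if __name__ == "__main__":
    print(dict(drops_per_interface(ASSIGNED, FLOWS)))
```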


