[AusNOG] Why BCP38 is important

Joshua D'Alton joshua at railgun.com.au
Fri Nov 2 20:01:58 EST 2012


Very informative post, quota free tunnels is also very interesting, I've
always been on the lookout for 'clever' things like this or DNS tunneling :D

On Fri, Nov 2, 2012 at 7:51 PM, Mark Smith <markzzzsmith at yahoo.com.au>wrote:

> "Open DNS resolvers behind gigantic DDoS"
>
> http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx
>
>
> The article is a bit incorrect in concluding that the only cause is DNS
> resolvers available to anybody, it is also because the hosts that are used
> in the DDoS can spoof source addresses, causing the DNS resolver replies
> to be sent instead to DDoS attack victim.
>
> If you're unfamiliar with BCP38, please read the following and then
> implement
> it to help prevent these sorts of attacks.
>
> "Network Ingress Filtering: Defeating Denial of Service Attacks which
> employ IP Source Address Spoofing"
> http://tools.ietf.org/html/bcp38
>
>
> For ISPs, BCP38 will also prevent the "quota free tunnels" presented by
> Warren at this year's Ausnog:
>
>  Using a lack of source address filtering to create 'quota-free' tunnels
> between collaborators
>
> http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121102/7214395a/attachment.html>


More information about the AusNOG mailing list