[AusNOG] Why BCP38 is important

Jarryd Sullivan Jarryd.Sullivan at area9.com.au
Fri Nov 2 20:26:45 EST 2012


I came across this a while ago, and when I read about the attack in the article it reminded me of it... Excuse me for not completely understanding it, but I believe what is described in this link is pretty much what happened?

http://pastebin.com/NKbnh8q8

Excuse the disclaimer; it's appended automatically.
________________________________________
From: ausnog-bounces at lists.ausnog.net [ausnog-bounces at lists.ausnog.net] on behalf of Mark Smith [markzzzsmith at yahoo.com.au]
Sent: Friday, November 02, 2012 6:21 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Why BCP38 is important

"Open DNS resolvers behind gigantic DDoS"
http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx


The article is a bit incorrect in concluding that the only cause is DNS
resolvers available to anybody; it is also because the hosts that are used
in the DDoS can spoof source addresses, causing the DNS resolver replies
to be sent instead to the DDoS attack victim.

If you're unfamiliar with BCP38, please read the following and then implement
it to help prevent these sorts of attacks.

"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"
http://tools.ietf.org/html/bcp38


For ISPs, BCP38 will also prevent the "quota free tunnels" presented by Warren at this year's AusNOG:

"Using a lack of source address filtering to create 'quota-free' tunnels between collaborators"
http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf


________________________________

The information contained in this message and any attachments may be confidential information. If you are not the intended recipient, you must not use or forward the information contained in these documents. If you have received this message in error, please delete the email and notify the sender.

Internet communications are not secure. You should scan this message and any attachments for viruses. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachments.
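
The ingress-filtering rule that BCP38 describes, as an added example that is not part of the original messages: a packet arriving on a customer-facing interface is forwarded only if its source address falls inside a prefix assigned to that interface. The interface names, prefixes (documentation ranges), packets and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: prefixes the ISP has assigned behind each customer-facing
# interface (documentation ranges from RFC 5737 / RFC 3849, not real customers).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_filters(assigned):
    """Parse per-interface prefix lists once, as a router would compile an ACL."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in assigned.items()
    }

def ingress_permit(filters, ifname, src):
    """BCP38 check: permit only if src lies in a prefix assigned to ifname.

    Unknown interfaces and unparseable sources are dropped (fail closed).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    # `addr in net` is False (not an error) when the IP versions differ.
    return any(addr in net for net in filters.get(ifname, []))

def filter_packets(filters, packets):
    """Split (ifname, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if ingress_permit(filters, pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed traffic: DNS queries towards a resolver at 203.0.113.53.
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.53"),    # legitimate customer source
    ("cust-a", "198.51.100.7", "203.0.113.53"),  # cust-b's address via cust-a: spoofed
    ("cust-a", "192.0.2.200", "203.0.113.53"),   # outside cust-a's /25: spoofed
    ("cust-b", "198.51.100.7", "203.0.113.53"),  # same address on its own interface
    ("cust-a", "2001:db8:a::1", "2001:db8:ffff::53"),
    ("cust-c", "192.0.2.10", "203.0.113.53"),    # interface with no assignment
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_filters(ASSIGNED), PACKETS)
    for p in drop:
        print("drop", p)
```

With the filter in place, the resolver never sees the queries carrying another network's source address, so it has no reply to send towards that address.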
