[AusNOG] Why BCP38 is important
Joshua D'Alton
joshua at railgun.com.au
Fri Nov 2 20:29:53 EST 2012
That is the same attack vector yes, although obviously not specifically
targeted to one site.
The funny thing is how those guys don't seem to understand Anycast and that
their attack will do bugger all especially with about 4 layers of DNS
caching after the root servers. facepalm.
On Fri, Nov 2, 2012 at 8:26 PM, Jarryd Sullivan <
Jarryd.Sullivan at area9.com.au> wrote:
> I came across this a while ago and when I read about the attack in the
> article it reminded me of it...Excuse me for not completely understanding
> it but I believe what is described in this link is pretty much what
> happened?
>
> http://pastebin.com/NKbnh8q8
>
> Excuse the disclaimer it's appended automatically.
> ________________________________________
> From: ausnog-bounces at lists.ausnog.net [ausnog-bounces at lists.ausnog.net]
> on behalf of Mark Smith [markzzzsmith at yahoo.com.au]
> Sent: Friday, November 02, 2012 6:21 PM
> To: ausnog at ausnog.net
> Subject: [AusNOG] Why BCP38 is important
>
> "Open DNS resolvers behind gigantic DDoS"
>
> http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx
>
>
> The article is a bit incorrect in concluding that the only cause is DNS
> resolvers available to anybody, it is also because the hosts that are used
> in the DDoS can spoof source addresses, causing the DNS resolver replies
> to be sent instead to DDoS attack victim.
>
> If you're unfamiliar with BCP38, please read the following and then
> implement
> it to help prevent these sorts of attacks.
>
> "Network Ingress Filtering: Defeating Denial of Service Attacks which
> employ IP Source Address Spoofing"
> http://tools.ietf.org/html/bcp38
>
>
> For ISPs, BCP38 will also prevent the "quota free tunnels" presented by
> Warren at this year's Ausnog:
>
> Using a lack of source address filtering to create 'quota-free' tunnels
> between collaborators
>
> http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ________________________________
>
> The information contained in this message and any attachments may be
> confidential information. If you are not the intended recipient, you must
> not use or forward the information contained in these documents. If you
> have received this message in error, please delete the email and notify the
> sender.
>
> Internet communications are not secure. You should scan this message and
> any attachments for viruses. Under no circumstances do we accept liability
> for any loss or damage which may result from your receipt of this message
> or any attachments.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121102/bb31535a/attachment.html>
More information about the AusNOG
mailing list