On Tue, 2004-11-23 at 11:57 +0100, Stefan Engelbert wrote:
> To be honest I don't even remember one recent DDoS attack with spoofed
> IPs at big sites.
> I do remember DDoS attacks with real IPs taken over by worms.....
> If my ISP has the IP range 192.168.0.0/24 and I send a spoofed packet
> from 123.123.123.123 it won't pass the router of the ISP since the
> router knows that 123.123.123.123 CANNOT come from inside and drops
> that package...
http://6o4.ca/ouch.png
Those were 100% spoofed hosts, over 100,000 of them, I dare say if I
recall correctly it was near the quarter million mark, took our network
right to the ground and even affected our upstream provider in a
negative fashion (and believe me, they've got huge network capacity).
The problem with the Internet is that hardly ANYONE filters. SURE they
filter 10.x 192.x 172.16.x *IF* you are lucky, but the vast majority
honestly don't. They are either clueless, or lack the BGP or other
routing relationships necessary to facilitate timely and accurate
blocking of address ranges that should not be traversing their
particular segment.
Cheers,
James
--
James Couzens,
Programmer
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF
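
The two positions in this exchange can be compared side by side. The following is an added example, not code from either message: it runs a few constructed packets through no filtering, filtering of private (RFC 1918) sources only, and strict per-port source-address validation. The customer prefix 198.51.100.0/24 and all sample packets except 123.123.123.123 are assumptions chosen for illustration.

```python
import ipaddress

# RFC 1918 private ranges: the "10.x 192.x 172.16.x" filtering the reply mentions.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the prefix the ISP assigned to this customer port (documentation range).
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def no_filter(src):
    return True


def private_only_filter(src):
    """Drop only RFC 1918 sources; every other source is forwarded."""
    return not in_any(src, RFC1918)


def source_validation(src):
    """Forward only sources inside the prefixes assigned to this port."""
    return in_any(src, CUSTOMER_PREFIXES)


POLICIES = {"none": no_filter,
            "rfc1918-only": private_only_filter,
            "source-validation": source_validation}

# Constructed sample traffic leaving the customer port: (source, is it genuine?)
PACKETS = [("198.51.100.7", True),
           ("123.123.123.123", False),   # spoofed source from the quoted message
           ("10.1.2.3", False),
           ("203.0.113.50", False)]


def evaluate(policy):
    """Return (spoofed sources forwarded, genuine sources dropped) for a policy."""
    check = POLICIES[policy]
    leaked, dropped_genuine = [], []
    for src, genuine in PACKETS:
        forwarded = check(ipaddress.ip_address(src))
        if forwarded and not genuine:
            leaked.append(src)
        if not forwarded and genuine:
            dropped_genuine.append(src)
    return leaked, dropped_genuine
```

Calling `evaluate` for each policy name shows that only the per-port prefix check stops routable spoofed sources; dropping private ranges alone still forwards them.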