On Tue, Nov 23, 2004 at 11:57:47AM +0100,
Stefan Engelbert <stefan(_at_)gfi(_dot_)com> wrote
a message of 42 lines which said:
To be honest I don't even remember one recent dDOS attack with
spoofed Ips at big sites.
Big name servers (like the root name servers or the servers of TLD
like ".fr" or ".com") see it daily. UDP (most DNS traffic is over UDP)
is especially sensitive because the attacker does not need to get the
reply.
If my ISP has the IP Range 192.168.0.0/24 and I send a spoofed
packet from 123.123.123.123 it wont Pass the router of the ISP since
the router knows that 123.123.123.123 CANNOT come from inside and
Drops that package...
Most ISP do not perform that test (often for good reasons). You cannot
base your security on a practice which depends on the others and which
is far from being prevalent.