On 2017-03-01 11:59, Franziska Lichtblau wrote:
>> Oh, and indeed, Switzerland is a bad place for BCP38, most networks
>> allow spoofing on both IPv4 and IPv6.
> Which is "kinda good" for me cause only answers from people who are 
> implementing
> all of that won't help us much understanding whats going on ;) 

That is not "kinda good" as it means that spoofing can happen easily and
those kind of attacks are much harder to trace than ones that do proper
full TCP (or heck UDP).

But with this whole Mirai thing and hundreds of thousands of hosts being
compromised of end-sites or Wordpress/Joomla/etc on servers with proper
upstream connectivity, it really does not matter, as spoofing is not
even really needed to properly DDoS any network, unless we are talking
about distributed or properly anycasted networks.

Eyeball networks though are both the source of many problems and when
miscreants figure out they can take down an eyeball network (which
cannot be protected with tricks like anycast and throwing more resources
at it, as pipe full == pipe full... *not a hint* ;) ) and ransom those
networks, lots of fun will happen.

The fun part is then also that those networks will just not work, they
will also get overloaded call centers which is amazing from a money
perspective thus it will do a lot of damage.

But maybe then those eyeball networks finally will start taking action
in cleaning up their userbase, thus IMHO, it can't happen early enough
as then we finally will have a proper Internet where that nonsense gets
taken care of instead of just ignored...


swinog mailing list

Antwort per Email an