On Wed, Mar 01, 2017 at 12:50:49PM +0100, Jeroen Massar wrote: > On 2017-03-01 11:59, Franziska Lichtblau wrote: > [..] > >> Oh, and indeed, Switzerland is a bad place for BCP38, most networks > >> allow spoofing on both IPv4 and IPv6. > > > > Which is "kinda good" for me cause only answers from people who are > > implementing > > all of that won't help us much understanding whats going on ;) > > That is not "kinda good" as it means that spoofing can happen easily and > those kind of attacks are much harder to trace than ones that do proper > full TCP (or heck UDP).
You got me wrong there. I didn't mean to say it's good that the possibility for spoofing is out there. What I meant to convey was, that if I only speak to operators or regions where a ''perfect'' level of filtering is applied I will not get meaningful insights about why it is not done everywhere and how we can improve on that. That's one of the biggest challenges - to actually talk to the people who are not doing as we all would want them to. > But with this whole Mirai thing and hundreds of thousands of hosts being > compromised of end-sites or Wordpress/Joomla/etc on servers with proper > upstream connectivity, it really does not matter, as spoofing is not > even really needed to properly DDoS any network, unless we are talking > about distributed or properly anycasted networks. That is completely true. But that's a completely different problem (which I used to work on very superficially). One that I'd actually like to see fixed, but I'm not sure what a research perspective (which is the one I can offer) can help there. I'm totally open to suggestions. > Eyeball networks though are both the source of many problems and when > miscreants figure out they can take down an eyeball network (which > cannot be protected with tricks like anycast and throwing more resources > at it, as pipe full == pipe full... *not a hint* ;) ) and ransom those > networks, lots of fun will happen. There are things you can not not think once you've thought about them once ;) I agree - there's lots of potential fun out there.... > The fun part is then also that those networks will just not work, they > will also get overloaded call centers which is amazing from a money > perspective thus it will do a lot of damage. > > But maybe then those eyeball networks finally will start taking action > in cleaning up their userbase, thus IMHO, it can't happen early enough > as then we finally will have a proper Internet where that nonsense gets > taken care of instead of just ignored... The problem is always, that people need incentives - there's a good amount of people that you can get with the global idea of a well working community... but sadly not all of them. That's one of the reasons why we ask what are the incentives of people who try to keep their network clean and now we can lower the bars for those who are not yet there. Greets, Franziska -- Franziska Lichtblau, M.A. building MAR, 4th floor, room 4.004 Fachgebiet INET - Sekr. MAR 4-4 phone: +49 30 314 757 33 Technische Universität Berlin gpg-fp: 4FA0 F1BC 8B9A 7F64 797C Marchstrasse 23 - 10587 Berlin 221C C6C6 2786 91EC 5CD5
Description: PGP signature
_______________________________________________ swinog mailing list email@example.com http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog