On Wed, Mar 01, 2017 at 12:50:49PM +0100, Jeroen Massar wrote:
> On 2017-03-01 11:59, Franziska Lichtblau wrote:
> [..]
> >> Oh, and indeed, Switzerland is a bad place for BCP38, most networks
> >> allow spoofing on both IPv4 and IPv6.
> > 
> > Which is "kinda good" for me cause only answers from people who are 
> > implementing
> > all of that won't help us much understanding whats going on ;) 
> 
> That is not "kinda good" as it means that spoofing can happen easily and
> those kind of attacks are much harder to trace than ones that do proper
> full TCP (or heck UDP).

You got me wrong there. I didn't mean to say it's good that the possibility 
for spoofing is out there. What I meant to convey was, that if I only speak
to operators or regions where a ''perfect'' level of filtering is applied I 
will not get meaningful insights about why it is not done everywhere and 
how we can improve on that. 
That's one of the biggest challenges - to actually talk to the people who are
not doing as we all would want them to. 

> But with this whole Mirai thing and hundreds of thousands of hosts being
> compromised of end-sites or Wordpress/Joomla/etc on servers with proper
> upstream connectivity, it really does not matter, as spoofing is not
> even really needed to properly DDoS any network, unless we are talking
> about distributed or properly anycasted networks.

That is completely true. But that's a completely different problem (which I used
to work on very superficially). One that I'd actually like to see fixed, but I'm
not sure what a research perspective (which is the one I can offer) can help
there. I'm totally open to suggestions. 

> Eyeball networks though are both the source of many problems and when
> miscreants figure out they can take down an eyeball network (which
> cannot be protected with tricks like anycast and throwing more resources
> at it, as pipe full == pipe full... *not a hint* ;) ) and ransom those
> networks, lots of fun will happen.

There are things you can not not think once you've thought about them once ;) 
I agree - there's lots of potential fun out there.... 

> The fun part is then also that those networks will just not work, they
> will also get overloaded call centers which is amazing from a money
> perspective thus it will do a lot of damage.
> 
> But maybe then those eyeball networks finally will start taking action
> in cleaning up their userbase, thus IMHO, it can't happen early enough
> as then we finally will have a proper Internet where that nonsense gets
> taken care of instead of just ignored...

The problem is always, that people need incentives - there's a good amount
of people that you can get with the global idea of a well working community...
but sadly not all of them. That's one of the reasons why we ask what are the
incentives of people who try to keep their network clean and now we can
lower the bars for those who are not yet there. 

Greets,
Franziska 
-- 
Franziska Lichtblau, M.A.            building MAR, 4th floor, room 4.004
Fachgebiet INET - Sekr. MAR 4-4          phone: +49 30 314 757 33
Technische Universit├Ąt Berlin           gpg-fp: 4FA0 F1BC 8B9A 7F64 797C
Marchstrasse 23 - 10587 Berlin                  221C C6C6 2786 91EC 5CD5

Attachment: signature.asc
Description: PGP signature

_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Antwort per Email an