On 10.1.2014 23:10, Jim Lux wrote:
> but how long before someone thinks of putting the amplifier after a
> botnet, rather than driving it directly.

It has probably been done for a while already, as has been done before with protocols such as DNS and chargen.

I'm perpetually amazed how so many IP networks and ISPs in the world still let packets with faked source addresses through, thus enabling reflection/amplification attacks and in general making tracking (D)DoS sources that much harder.

If you run a network or an ISP, read and implement BCP38 if you haven't already, please! It will make the Internet a better place, even if it's just one network at a time.

Trying to "secure" UDP amplification attacks one higher-level protocol at a time is like putting a band-aid on a bad water hose that leaks, with new leaks springing up elsewhere as the pressure in the hose rises from the newly applied (still leaking) band-aids.

Sorry for wandering a bit off-topic here, just couldn't resist the temptation. Maybe I should go rig my trusty Oncore VPs back online..

Tapio, oh2kku

_______________________________________________
time-nuts mailing list -- [email protected]
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
