On 31 Jan 2013, at 18:37, Robert McKay <[email protected]> wrote: > Having said that, I think a lot of these kinds of attacks actually originate > from complicit rogue malware ISPs that have deliberately setup servers such > that they're able to spoof.. whether they have 'hacker clients' or 'hacked > clients' or 'fake clients that (oops!) got hacked' or they're actually just > doing it themselves is kindof beside the point. BCP-38 isn't going to help > when people just turn it off.
Every attack I've observed recently has had too short an interval between packets (i.e. a few microseconds) for them to have come from a broadband end-user. The sources all appear to have been dedicated servers in well connected co-lo sites. I suspect most dedi-server operators don't (or can't) apply uRPF on customer facing switch ports :( Ray
