23 Oct
2016
23 Oct
'16
10:16 a.m.
* Randy Bush:
What does BCP38 have to do with this?
nothing technical, as these iot attacks are not spoofed.
How do you know? Has anyone disclosed specifics? I can understand that keeping details under wraps is sometimes required for operational security, but if the attacks are clearly succeeding, I would have expected those who posted “do something, now!” messages at least some pointer to technical details of what was going on. Not that the underlying threat will go away until we find a way to clean up almost all of the compromised devices (and without breaking the Internet along the way, forever).