On Fri, 14 Jul 2000, Rick wrote:
> Richard, I think you MISS two points which are at the center of this thread. First, every sub-hacker (i.e., those who do NOT write their own source) will usually use RFC1918 for any type of DOS attack as it is the recommended source of attack (if you do not agree with this then this thread is pointless).
I absolutely do not agree with this. I have never seen this behavior yet, know of no hackers who would bother, and they gain nothing from it. If they can spoof the attack effectively, they'll either do it random-sourced, pick an IP out of their err head, or pick an IP they know, perhaps someone they don't like.
> Second, as others have pointed out, RFC1918 was created with the primary purpose to not only help limit the allocation of globally routable IPs but also limit the amount of traffic on the Internet as a whole. By applying filters at the border routers it helps to reinforce these standards. IMHO
That's utterly ridiculous. A single non-connection-oriented response which cannot generate more responses leaving the 1918 restricted space will have no impact on traffic levels. I'm also surprised by the number of people who live in the dream world that all networks are as small and easily filterable as theirs. Don't even attempt to complain about a backbone provider carrying 1918-sourced traffic. The only real reason to filter 1918 space is if you are afraid there will be an IP conflict between something you have numbered in your 1918 space, and the responses which could be generated by someone else's 1918 space (for example, a dest unreachable coming from someone's 1918 P-t-P sourced to something you have an IP for as well).

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
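The collision case Richard describes (an externally generated, 1918-sourced response overlapping a prefix you have numbered yourself) can be audited from a border router's packet log. This is an added example and not code from anyone in the thread; the log line format, the interface name `ext0`, and the internal prefixes in `LOCAL_PRIVATE` are all assumptions constructed for it.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

# RFC 1918 private address space (the ranges the thread is about).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical: the private prefixes this site has numbered internally (constructed for the example).
LOCAL_PRIVATE = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.1.0/24")]

# Hypothetical name of the external-facing (border) interface.
BORDER_IFACE = "ext0"

class Verdict(NamedTuple):
    src: str
    private: bool   # source falls in RFC 1918 space
    collides: bool  # ...and overlaps a prefix this site uses itself (the "real reason" to filter)

def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)

def collides_with_local(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in LOCAL_PRIVATE)

def parse(line: str) -> Tuple[str, Dict[str, str]]:
    # Constructed log format: "in:<iface> key=value key=value ..."
    iface, *fields = line.split()
    return iface.split(":", 1)[1], dict(f.split("=", 1) for f in fields)

def audit(lines: List[str]) -> List[Verdict]:
    """Classify packets seen inbound on the border interface; other interfaces are ignored."""
    verdicts = []
    for line in lines:
        if not line.strip():
            continue
        iface, kv = parse(line)
        if iface != BORDER_IFACE:
            continue
        src = ipaddress.ip_address(kv["src"])
        priv = is_rfc1918(src)
        verdicts.append(Verdict(str(src), priv, priv and collides_with_local(src)))
    return verdicts

# Constructed sample: two 1918-sourced ICMP unreachables arriving from outside,
# one ordinary packet, and one packet on the internal interface (ignored).
SAMPLE = """\
in:ext0 src=10.20.5.9 dst=203.0.113.7 proto=icmp type=3
in:ext0 src=172.31.0.1 dst=203.0.113.7 proto=icmp type=3
in:ext0 src=198.51.100.4 dst=203.0.113.7 proto=tcp
in:int0 src=10.20.5.9 dst=203.0.113.7 proto=tcp
"""

if __name__ == "__main__":
    for v in audit(SAMPLE.splitlines()):
        print(v)
```

Only the first line is the conflict Richard is talking about: a 1918 source that is also one of your own addresses; the second is 1918-sourced but harmless to this site's numbering.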