It is spoofing, but it is also absolutely amplification. Look at the preso that Damien linked : https://www.usenix.org/conference/woot14/workshop-program/presentation/kuhre... Hope that this doesn't become one of the 'services' that you provide! :) On Thu, Feb 20, 2020 at 6:40 PM Jean | ddostest.me via NANOG < nanog@nanog.org> wrote:
It doesn't sound to be a real amplification.. If it is, can anyone provide the amplification factor? 1x?
It sounds more like a TCP spoofing.
Jean On 2020-02-20 18:22, Töma Gavrichenkov wrote:
Peace,
On Fri, Feb 21, 2020, 1:57 AM Filip Hruska <fhr@fhrnet.eu> wrote:
[..] OVH has been offering DDOS protection capable of soaking up hundreds of gigabits+ per second as a standard with all their services for a long time
They only do it for common trivial vectors like UDP-based amplification — and other types easily handleable through flowspec.
Which is honestly not their fault because they try to keep their costs down. (Other means to keep the costs down may be of concern of Ronald G. though, but that's a different story.)
However, TCP amplification is not of that sort.
-- Töma