On Sunday, September 25, 2016, John Kristoff <jtk@depaul.edu> wrote:
On Sun, 25 Sep 2016 14:36:18 +0000 Ca By <cb.list6@gmail.com <javascript:;>> wrote:
As long as their is one spoof capable network on the net, the problem will not be solved.
This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied. This may not have been the issue in this case, but in many amplification and reflection attacks, the originating spoof-enabled networks were from a limited set of networks. De-peering, service termination, shaming, etc could have an effect.
John
Ok, sorry for the not being exact. I am trying to be practical. My point is, a lot of access networks will respond to public pressure if the data is exposed on the offending real ips of the iot crap, and they will enforce their AUP. We have seen comcast do just that, on this list a few months back. That path has legs. Google also blocks service to certain hacked networks as well, we have seen that on this list too. That is an interesting angle in the krebs case. Will google block service to folks sharing ip with the iot ddos mess ?