Re: WANTED: ISPs with DDoS defense solutions
How would the spoofing program, or its user, be able to tell if it was successful? Unless I'm very confused, the definition of spoofing is that the return packets aren't going to come back to you.
the whole thing would have to take place during a tcp control session which used d-h to scramble itself, sort of the same way ssh does. the random address/addresses would be chosen by the server. the only info the initiator would gain is a count of how many spoofed packets made it in; this could be left out if we feared that bad people would profit from being able to use this tester. (we don't, though, since they have their own ways of knowing whether spoofing is working from a given source, and we don't think they'd want us to know what sources they were testing.)
I can imagine a packet format where the real source address was in the data, but with no authentication this would itself be subject to abuse. ... Doing this from behind a NAT would be difficult.
one hopes that a nat box would also complicate the lives of spoofers.
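As an added illustration of the tester sketched in this exchange (example code, not anything Paul Vixie or the other poster wrote), the following toy models the protocol in-process: the server picks the random source addresses, the initiator emits one probe per address with that forged source, and the server hands back only a count of how many arrived. Everything below beyond that sketch is an assumption made for the example: the probe layout, the HMAC under a per-session key (standing in for the key the D-H control session would derive, so that only this session's probes count), and the three toy network policies, an unfiltered path, a BCP 38 ingress filter on the initiator's upstream, and a NAT that rewrites every source, which models the point about NAT complicating the spoofer's life. No raw sockets are used; the "network" is a plain function.

```python
"""Toy, in-process model of the spoofing tester discussed in the thread.

Assumptions not in the original post: probe layout, the HMAC tag, and the
three toy network policies. The session key stands in for a D-H-derived key.
"""
import hashlib
import hmac
import ipaddress
import random
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    src: str          # source address as it appears in the IP header (forged by the initiator)
    dst: str          # the tester's own address
    session_id: bytes
    tag: bytes        # HMAC(session_key, session_id || src): third-party packets do not count


def probe_tag(key: bytes, session_id: bytes, src: str) -> bytes:
    return hmac.new(key, session_id + src.encode(), hashlib.sha256).digest()


class SpoofTestServer:
    def __init__(self, address: str, rng=None):
        self.address = address
        self.rng = rng if rng is not None else random.SystemRandom()
        self.sessions = {}

    def open_session(self, n_targets: int):
        """Start a test: the server, not the initiator, picks the sources to forge.
        Returns what would go down the (D-H protected) control channel."""
        session_id = secrets.token_bytes(8)
        key = secrets.token_bytes(32)          # stand-in for the D-H-derived session key
        targets = []
        while len(targets) < n_targets:
            addr = ipaddress.IPv4Address(self.rng.getrandbits(32))
            # skip private/reserved/documentation ranges and duplicates
            if addr.is_global and str(addr) not in targets:
                targets.append(str(addr))
        self.sessions[session_id] = {"key": key, "targets": set(targets), "seen": set()}
        return session_id, key, tuple(targets)

    def receive(self, probe: Probe) -> bool:
        """Count a probe only if it belongs to a live session, carries one of the
        assigned sources, and authenticates under that session's key."""
        sess = self.sessions.get(probe.session_id)
        if sess is None or probe.dst != self.address or probe.src not in sess["targets"]:
            return False
        if not hmac.compare_digest(probe_tag(sess["key"], probe.session_id, probe.src), probe.tag):
            return False
        sess["seen"].add(probe.src)            # a source seen twice still counts once
        return True

    def result(self, session_id: bytes) -> int:
        """All the initiator learns: how many of the assigned spoofed sources got in."""
        return len(self.sessions[session_id]["seen"])


def build_probes(session_id, key, targets, server_addr):
    """Initiator side: one probe per assigned source, tagged with the session key."""
    return [Probe(t, server_addr, session_id, probe_tag(key, session_id, t)) for t in targets]


# Toy network policies between initiator and server: take the probes as sent,
# return them as they arrive (possibly fewer, possibly rewritten).

def open_network(probes, real_prefix, nat_addr):
    """No ingress filtering: every forged packet is forwarded unchanged."""
    return list(probes)


def bcp38_network(probes, real_prefix, nat_addr):
    """Upstream does BCP 38 ingress filtering: drop sources outside the customer's prefix."""
    net = ipaddress.ip_network(real_prefix)
    return [p for p in probes if ipaddress.ip_address(p.src) in net]


def nat_network(probes, real_prefix, nat_addr):
    """Initiator is behind a NAT that rewrites every source to its public address,
    so the forged sources never leave the site (and the tags no longer match)."""
    return [Probe(nat_addr, p.dst, p.session_id, p.tag) for p in probes]


def make_server(seed=None, address="192.0.2.1"):
    """Server on a documentation address; a seed makes the chosen targets reproducible."""
    return SpoofTestServer(address, random.Random(seed) if seed is not None else None)


def run_test(server, network, n_targets=16, real_prefix="198.51.100.0/24", nat_addr="203.0.113.7"):
    """Drive one session end to end; returns (count reported, targets the server chose)."""
    session_id, key, targets = server.open_session(n_targets)
    for p in network(build_probes(session_id, key, targets, server.address), real_prefix, nat_addr):
        server.receive(p)
    return server.result(session_id), targets


if __name__ == "__main__":
    for name, net in (("open", open_network), ("bcp38", bcp38_network), ("nat", nat_network)):
        count, targets = run_test(make_server(seed=1), net)
        print(f"{name:6s} {count}/{len(targets)} spoofed sources arrived")
```

Run as a script it prints the count for each policy; the count is the only value the server returns to the initiator, matching the thread's point that the initiator learns nothing beyond how many spoofed packets made it in.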
participants (1)
-
Paul Vixie