Re: peering requirements (Re: DDOS anecdotes)
But please don't forget that in this particular DDoS event there was no IP spoofing.
So anti-spoofing precautions, either on administrative or technical level, would be useless in this case.
And this case is not so untypical.
that doesn't matter to me. i, and people i'm various close to, am attacked several times daily. sometimes in a hard way, sometimes in a soft way, but almost always using spoofed addresses. tracking these hop by hop using mac addresses at exchange points only works if the stream is steady. it's not.
my .002$
i was not basing my recommendation for a general peering agreement upgrade on any specific attack. it's the pattern of attacks over the last decade that's got me bugged. any angry teenager with a $300 openbsd machine can bring down any part of the internet they're angry at. with impunity.
participants (1)
-
Paul A Vixie