[dns-operations] "it's like having a pizza delivered to a friend's house as a prank."

Pierre Baume pierre at baume.org
Thu Mar 23 18:00:27 UTC 2006

On 3/23/06, Per Heldal <heldal at eml.cc> wrote:

> > And sure, spoofed traffic can be hard to detect, but this doesn't mean
> > none of it can be detected. Especially when attacks last for hours/days.
> This isn't about detecting random spoofed packets.

  Sure, but what about when spoofing is prevented from some subnets but not
others, through incompetence or malice?

> > PS: And of course, in parallel, we could fix UDP so that packets sent in
> > either direction have the same size. But that might take longer. ;-)
> ... besides being a joke, it also misses the fact that spoofing may be
> used just to hide the presence of bots with no amplification.

  The 2 problems of spoofing and amplification are orthogonal (they do make
a nice combination). Both deserve to be fixed, IMHO. It's just a matter of
(relatively) easy wins first.

