[lacnog] DDoS, ataques de amplificacion y BCP38

Drew Weaver drew.weaver en thenap.com
Mie Mar 27 18:41:30 BRT 2013


Also, I watched a panel on DDoS with Cloudflare, black lotus, and NSFOCUS at Hosting con and when I asked the question "isn't URPF, BCP38, and stopping attacks at the source the real solution?"

They all basically downplayed the question and said large networks can't enable uRPF because it uses too many resources (lol).



Arturo Servin <aservin en lacnic.net> wrote:


Drew,

        Yes, being optional is part of the problem of BCP38.

        Regarding your suggestion, how would you tag the packet with the ASN?

        To do so, you would need to know that the packet is spoofed, if it were
spoofed and you knew it, why not just drop it?

Regards,
as

On 3/27/13 6:06 PM, Drew Weaver wrote:
> Sorry for the English but as long as BCP38 is optional it will have limited impact. Especially given the huge amount of money carriers make by transiting traffic which they know they should be dropping.
>
> I think a better solution would be to somehow tag a packet with the _actual SRC_ ASN so that you can publicly shame companies that allow these things to happen.
>
> If we stop paying transit providers to transit spoofed packets spoofed packets would disappear overnight. :)
>
>
>
> Fernando Gont <fgont en si6networks.com> wrote:
>
>
> On 03/27/2013 05:27 PM, Carlos M. Martinez wrote:
>> El tema de los open resolvers es increible... como algo tan facil de
>> corregir es completamente ignorado por la gente.
>>
>> ¿Que nos pasa?
>
> Lo mismo que sucede con el despliegue de v6.
>
> Tristemente, actitudes similares en aspectos no-tecnicos hacen que haya
> gente que no tenga que comer, donde dormir, etc...
>
> Abrazo,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont en si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: lacnog-unsubscribe en lacnic.net
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: lacnog-unsubscribe en lacnic.net
>



Más información sobre la lista de distribución LACNOG