Le 22/09/2018 à 22:16, Stefan Monnier a écrit :
[...]
The benefit is that one cannot pinpoint the real attacker, of course.
Isn't the same benefit provided by just forging the source address ?
If all the routers in the path play along... but then, they are all
broken.
This condition must also be true in Reco's scenario to send the forged
packets to the reflectors.
There's also the fact that all those RST packets can come from all over
the place and they come from where they say they come.
How can the target tell the difference ? It will receive all packets
from its internet router anyway.
So they're a lot more difficult to block, compared to packets with
a forged source address all coming from the same IP.
"packets with a forged source address all coming from the same IP" does
not make any sense. Packets do not "come from an IP", they just have a
(possibly forged) source address wherever they come from.
