I take it folks havent started implementing RFC3514 yet, should solve all these issues....
Steve On Thu, 31 Jul 2003, Petri Helenius wrote: > > > I would say that because backdoored hosts are easily available in large > quantities, spoofing does not make sense and usually alarms various systems > more quickly than packets from legitimate addresses. > > Pete > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "Rob Thomas" <[EMAIL PROTECTED]> > Cc: "NANOG" <[EMAIL PROTECTED]> > Sent: Thursday, July 31, 2003 4:17 PM > Subject: Re: WANTED: ISPs with DDoS defense solutions > > > > > > On Wed, 30 Jul 2003, Rob Thomas wrote: > > > > > I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number, > > > only 32 used spoofed sources. I rarely see spoofed attacks now. > > > > Do you have any ideas as to why that is? Is it due to more providers > > doing source filtering? It wouldn't make sense for attackers to become > > less sophisticated unless they became more difficult to catch for other > > reasons (e.g. botnets getting bigger). > > > > Rich > > > > >
