Re: [spoofing-tf] Source Address Validation Architecture (SAVA), BOF proposal @ IETF

  • To: Rob Beverly rbeverly@localhost
  • From: Pekka Savola pekkas@localhost
  • Date: Thu, 14 Sep 2006 17:13:37 +0300 (EEST)
  • Cc: "Barry Greene (bgreene)" bgreene@localhost, Jaap Akkerhuis jaap@localhost, spoofing-tf@localhost, sava@localhost

On Thu, 14 Sep 2006, Rob Beverly wrote:
Again, not true. Look at the studies for the sources of DOS attacks.
Spoofed source addresses are not currently (nor have they been) the core
contributor.

Sure, but again, consider the recent DNS amplifier attacks and
filter circumvention attacks (using spoofing to send UCE).

I'd be interested in seeing more references on the SPAM-spoofing. I assume you refer to hijacking an address space (possibly a bogon, possibly in use), sending spam, and switching the prefix continously. This is quite different than 'traditional' spoofing because above also requires propagation of false routing information instead of simply sending bogus packets.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings