Re: [SAVA] Re: [spoofing-tf] Source Address Validation Architecture (S AVA), BOF proposal @ IETF

  • To: pekkas@localhost
  • From: "Fergie" fergdawg@localhost
  • Date: Thu, 14 Sep 2006 16:25:47 GMT
  • Cc: rbeverly@localhost, bgreene@localhost, sava@localhost, jaap@localhost, spoofing-tf@localhost

Then you'll probablty really be interested in this:

[snip]

Understanding the Network-Level Behavior of Spammers
A. Ramachandran and N. Feamster
Proc. ACM SIGCOMM,
Pisa, Italy, September 2006. To appear. [.pdf]
http://www-static.cc.gatech.edu/%7Efeamster/publications/p396-ramachandran.pdf
An earlier version appeared as Georgia Tech Technical Report
GT-CSS-2006-001.

[snip]

- ferg


-- Pekka Savola pekkas@localhost wrote:

On Thu, 14 Sep 2006, Rob Beverly wrote:
>> Again, not true. Look at the studies for the sources of DOS attacks.
>> Spoofed source addresses are not currently (nor have they been) the core
>> contributor.
>
> Sure, but again, consider the recent DNS amplifier attacks and
> filter circumvention attacks (using spoofing to send UCE).

I'd be interested in seeing more references on the SPAM-spoofing.  I 
assume you refer to hijacking an address space (possibly a bogon, 
possibly in use), sending spam, and switching the prefix continously. 
This is quite different than 'traditional' spoofing because above also 
requires propagation of false routing information instead of simply 
sending bogus packets.

[snip]

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/