About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [spoofing-tf] Source Address Validation Architecture (SAVA), BOF proposal @ IETF

  • To: Rob Beverly rbeverly@localhost
  • From: Pekka Savola pekkas@localhost
  • Date: Thu, 14 Sep 2006 17:13:37 +0300 (EEST)
  • Cc: "Barry Greene (bgreene)" bgreene@localhost, Jaap Akkerhuis jaap@localhost, spoofing-tf@localhost, sava@localhost
On Thu, 14 Sep 2006, Rob Beverly wrote:

Again, not true. Look at the studies for the sources of DOS attacks.
Spoofed source addresses are not currently (nor have they been) the core
contributor.


Sure, but again, consider the recent DNS amplifier attacks and
filter circumvention attacks (using spoofing to send UCE).
I'd be interested in seeing more references on the SPAM-spoofing. I assume you refer to hijacking an address space (possibly a bogon, possibly in use), sending spam, and switching the prefix continously. This is quite different than 'traditional' spoofing because above also requires propagation of false routing information instead of simply sending bogus packets. 

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community