Home page logo
/

nanog logo nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions
From: Paul Vixie <paul () vix com>
Date: Wed, 06 Aug 2003 06:12:26 +0000


How would the spoofing program, or its user, be able to tell if
it was successful?  Unless I'm very confused, the definition of
spoofing is that the return packets aren't going to come back to you.

the whole thing would have to take place during a tcp control session
which used d-h to scramble itself, sort of the same way ssh does.  the
random address/addresses would be chosen by the server.  the only info
the initiator would gain is a count of how many spoofed packets made
it in; this could be left out if we feared that bad people would profit
from being able to use this tester.  (we don't, though, since they have
their own ways of knowing whether spoofing is working from a given source,
and we don't think they'd want us to know what sources they were testing.)

I can imagine a packet format where the real source address was in the
data, but with no authentication this would itself be subject to abuse.
...
Doing this from behind a NAT would be difficult.

one hopes that a nat box would also complicate the lives of spoofers.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault