> None of this would have happened if every ISP blocked outbound spoofed
> packets, if every MTA is configured properly to avoid spamming and
> relaying, if egress filtering is in place, etc.

Most of us have been concerned with the spoofing aspect. If we get that fixed, how much damage can future attackers do without spoofing? In the recent cases, the attackers were apparently only interested in wiping out each site for a few hours. If I lined up 1000 relay machines, and had them sufficiently spread around, would I be able to do the same? How long would it take to contact the admins for all those nets and/or get various ISPs to block them? My personal experience when doing that sort of thing on a very small scale is that it takes a long time to convince people that they should do something.

Of course the spoofing problem should be fixed. In my example, the 1000 machines are likely to get some proper configuration when they are tracked down (which will be loads easier.) It should also shorten the time it takes to track the attacker. I don't think it eliminates the attack, tho.

Ryan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:01 PDT