Date: Tue, 16 Sep 2014 19:19:06 +0200 From: Daniel Roethlisberger <daniel@roe.ch> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp Message-ID: <20140916171906.GB40056@calvin.ustdmz.roe.ch> In-Reply-To: <1410875348.3660913.168112729.18E69A9D@webmail.messagingengine.com> References: <201409161014.s8GAE77Z070671@freefall.freebsd.org> <54180EBF.2050104@pyro.eu.org> <1410870926.3637266.168084441.4C997218@webmail.messagingengine.com> <44y4tjwvlm.fsf@lowell-desk.lan> <1410875348.3660913.168112729.18E69A9D@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Felder <feld@FreeBSD.org> 2014-09-16: > On Tue, Sep 16, 2014, at 08:20, Lowell Gilbert wrote: > > Spoofing traffic is pretty easy. The reason it isn't generally a problem > > is that knowing what to spoof is more difficult. [I assume that's what > > feld@ actually meant, but it's an important distinction.] > > How many AS are out there don't implement BCP38? Spoofing these days > without MITM should be considered hard, and TCP even harder, no? I'd > find it more believable that it's easier to hijack BGP than to target > someone and successfully spoof TCP. FWIW, if that assumption about the BCP38 adoption rate were true, then we would see less reflected DoS attacks than we actually do these days. -- Daniel Roethlisberger http://daniel.roe.ch/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140916171906.GB40056>