On 2017-03-01 11:59, Franziska Lichtblau wrote: [..]
Oh, and indeed, Switzerland is a bad place for BCP38, most networks allow spoofing on both IPv4 and IPv6.
Which is "kinda good" for me cause only answers from people who are implementing all of that won't help us much understanding whats going on ;)
That is not "kinda good" as it means that spoofing can happen easily and those kind of attacks are much harder to trace than ones that do proper full TCP (or heck UDP).
But with this whole Mirai thing and hundreds of thousands of hosts being compromised of end-sites or Wordpress/Joomla/etc on servers with proper upstream connectivity, it really does not matter, as spoofing is not even really needed to properly DDoS any network, unless we are talking about distributed or properly anycasted networks.
Eyeball networks though are both the source of many problems and when miscreants figure out they can take down an eyeball network (which cannot be protected with tricks like anycast and throwing more resources at it, as pipe full == pipe full... *not a hint* ;) ) and ransom those networks, lots of fun will happen.
The fun part is then also that those networks will just not work, they will also get overloaded call centers which is amazing from a money perspective thus it will do a lot of damage.
But maybe then those eyeball networks finally will start taking action in cleaning up their userbase, thus IMHO, it can't happen early enough as then we finally will have a proper Internet where that nonsense gets taken care of instead of just ignored...
Greets, Jeroen