FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
Daniel Roethlisberger
daniel at roe.ch
Tue Sep 16 17:19:11 UTC 2014
Mark Felder <feld at FreeBSD.org> 2014-09-16:
> On Tue, Sep 16, 2014, at 08:20, Lowell Gilbert wrote:
> > Spoofing traffic is pretty easy. The reason it isn't generally a problem
> > is that knowing what to spoof is more difficult. [I assume that's what
> > feld@ actually meant, but it's an important distinction.]
>
> How many AS are out there don't implement BCP38? Spoofing these days
> without MITM should be considered hard, and TCP even harder, no? I'd
> find it more believable that it's easier to hijack BGP than to target
> someone and successfully spoof TCP.
FWIW, if that assumption about the BCP38 adoption rate were true,
then we would see less reflected DoS attacks than we actually do
these days.
--
Daniel Roethlisberger
http://daniel.roe.ch/
More information about the freebsd-security
mailing list