
There's something I find rather surprising. It would appear that attacks using spoofed IP addresses need help from a rogue ISP, unless both the attacker and the victim use the same ISP. Presumably, an ISP can easily block packets that originate in its network but have a source address that's not part of its own IP range.

Why does it take so long until most rogue ISPs are detected and cut off from the rest of the global internet?



> It would appear that attacks using spoofed IP addresses need help from a rogue ISP ...

Not a rogue ISP, just one that hasn't implemented BCP38 (which is most of them, unfortunately).


> an ISP can easily block packets that originate in its network but have a source address that's not part of its own IP range.

Is it really so easy? How does the ISP know that the packet came from within its network?


I'm not an expert on this at all, but I think that unless an ISP's customer is allowed to run a public-facing router it would be trivial for the ISP to determine that. There simply cannot be any legit packets with a source address from outside its address range arriving at inward-facing network interfaces. Maybe I'm not getting something here...


Yes, it really is. I can tell where it came from based upon the interface I received it on. Google "BCP38".
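
The per-interface source check discussed in this thread (BCP38-style ingress filtering), as an added example that is not part of any comment above. Interface names, prefix assignments and packets are constructed, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed provisioning data: customer-facing interface -> prefixes the
# ISP has assigned to the customer on that port (assumed names and ranges).
CUSTOMER_PREFIXES = {
    "cust-eth1": ["192.0.2.0/25"],
    "cust-eth2": ["192.0.2.128/25", "2001:db8:a::/48"],  # dual-stack customer
}
CUSTOMER_NETS = {
    ifname: [ipaddress.ip_network(p) for p in prefixes]
    for ifname, prefixes in CUSTOMER_PREFIXES.items()
}

def ingress_decision(ifname, src):
    """Return 'permit' or 'drop' for a packet received on ifname with source src."""
    nets = CUSTOMER_NETS.get(ifname)
    if nets is None:
        # Not a customer edge port (e.g. a transit link): this edge filter
        # does not apply, since any source address can legitimately arrive.
        return "permit"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # unparsable source address
    # Membership is False when IP versions differ, so mixed v4/v6 is safe.
    return "permit" if any(addr in net for net in nets) else "drop"

# Constructed sample traffic: (receiving interface, claimed source address).
PACKETS = [
    ("cust-eth1", "192.0.2.10"),     # inside the port's assignment
    ("cust-eth1", "198.51.100.7"),   # outside the ISP's range entirely
    ("cust-eth1", "192.0.2.200"),    # ISP range, but another customer's port
    ("cust-eth2", "2001:db8:a::1"),  # inside the IPv6 assignment
    ("cust-eth2", "2001:db8:b::1"),  # outside the IPv6 assignment
    ("transit0", "203.0.113.5"),     # transit link, not edge-filtered
]

def summarize(packets):
    """Count decisions per (interface, decision) pair."""
    return Counter((i, ingress_decision(i, s)) for i, s in packets)

if __name__ == "__main__":
    for ifname, src in PACKETS:
        print(f"{ifname:10} {src:16} {ingress_decision(ifname, src)}")
```

The third packet shows why the check is keyed on the receiving interface rather than on the ISP's aggregate range: the address belongs to the ISP but not to that port.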



