The real cause of large DDoS - IP Spoofing
Large DDoS attacks are possible on the modern internet because of IP spoofing, a technique where an attacker sends IP packets with a fake source IP address. These attacks can be divided into direct and amplification types. Direct attacks involve sending traffic directly against a victim IP, while amplification attacks involve sending traffic to vulnerable UDP servers that reflect and amplify it by sending large responses to the unknowing victim. Both types of attack require IP spoofing. Effective filtering against IP spoofing can only be done at the edge of the network, at the last-mile ISPs. The internet community has recognized this issue and documented it in BCP38, which outlines how source IP filtering can prevent IP spoofing.
Company: Cloudflare
Date published: March 6, 2018
Author(s): Marek Majkowski
Word count: 1873
Language: English
Hacker News points: 104