Sure, you can _send_ spoofed packets from any host, but any reputable host will ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

pktgen on Feb 15, 2014 | parent | context | favorite | on: The New Normal: 200-400 Gbps DDoS Attacks

Sure, you can _send_ spoofed packets from any host, but any reputable host will drop them.

Reputable hosts use uRPF or at least an ACL at their edge to drop any outbound traffic with a source address that isn't in their network.

People buy servers from Ecatel because they're one of the few that (intentionally) do not have such measures in place.

codexon on Feb 15, 2014 [–]

No, very few hosts drop them because it costs time and money to do BGP38.

I have tested 5+ major hosts spoofing packets to a remote destination and they all allowed spoofing except OVH.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact