Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Hosts that negligently allow (do not implement technical measures to block) packets to be sent from an IP address not routed to the sender.

Ecatel is the big one here. I don't know what it will take for their upstreams to shut them down, but it needs to happen. Do that and many of these reflected attacks will stop.



You can send spoofed packets from nearly every host.

However hosts like Ecatel are known to specifically allow their customers to send spoofed packets at full speed 24/7.

I think most hosts will notice heavy bandwidth usage, investigate, and then terminate your account. This is why people buy servers at Ecatel even if it is more expensive.


Sure, you can _send_ spoofed packets from any host, but any reputable host will drop them.

Reputable hosts use uRPF or at least an ACL at their edge to drop any outbound traffic with a source address that isn't in their network.

People buy servers from Ecatel because they're one of the few that (intentionally) do not have such measures in place.


No, very few hosts drop them because it costs time and money to do BGP38.

I have tested 5+ major hosts spoofing packets to a remote destination and they all allowed spoofing except OVH.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: