Source address validation (was Re: UUNet Offer New Protection
Paul Vixie
vixie at vix.com
Sun Mar 7 22:15:12 UTC 2004

sean at donelan.com (Sean Donelan) writes:

> SAV doesn't tell you where the packets came from. At best SAV tells you
> where the packets didn't come from.

...which is incredibly more valuable than not knowing anything at all.

> You would be wrong. There are networks that have deployed SAV/uRPF.
>
> They saw no _net_ savings.
>
> In the real world, it costs more to deploy and maintain SAV/uRPF.

in the therefore-unreal world i live in, the ability to tell a GWF ("goober
with firewall") that the incident report they sent our noc could not possibly
have come from here, is a net cost savings over having to prove it every time.

> Have you noticed this thread is full of people who don't run large
> networks saying other people who do run networks should deploy SAV/uRPF.

distinguishingly, i do help run a network, and i'm not limiting my accusation
("you guys are slackers") to uRPF-free networks of any particular size ("big").
--
Paul Vixie