filtering spoofed addresses cheaply
Karl Denninger
karl at mcs.net
Sun Apr 26 14:06:26 UTC 1998
On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote:
> one view is that the clue is in the core where it is too late to fix it.
> and the place it needs to be fixed is at the edges, where the tools are weak
> and the clues seem (given empirical evidence) too few and far apart. this
> will change very slowly as market forces move clue toward the edges (on the
> backs of flying pigs) or the edges wither.
>
> another view is that the site of the cause is not where the pain of the
> effect is felt. hence the incentive to fix is small. this would seem only
> susceptible to vigilante acts, which is not cool. better ideas welcome.
>
> randy
Well, yes and no.
Blocking the amplifiers, forcing them to repent and fix their routers (or
lose connectivity) WORKS Randy. I'm living proof, because what was a
nightly out-of-service condition on our IRC server is now NOT one.
Without the amplifiers, the source spoofing is useless. Yes, I know its not
hte real problem, but trying to get Lucent and ASCEND in particular to fix
this has proven fruitless over more than a year. All that is left is
interdiction; its not perfect, but folks, it WORKS.
--
--
Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
More information about the NANOG
mailing list