filtering spoofed addresses cheaply
karl at mcs.net
Sun Apr 26 14:06:26 UTC 1998
On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote:
> one view is that the clue is in the core where it is too late to fix it.
> and the place it needs to be fixed is at the edges, where the tools are weak
> and the clues seem (given empirical evidence) too few and far apart. this
> will change very slowly as market forces move clue toward the edges (on the
> backs of flying pigs) or the edges wither.
> another view is that the site of the cause is not where the pain of the
> effect is felt. hence the incentive to fix is small. this would seem only
> susceptible to vigilante acts, which is not cool. better ideas welcome.
Well, yes and no.
Blocking the amplifiers, forcing them to repent and fix their routers (or
lose connectivity) WORKS, Randy. I'm living proof, because what was a
nightly out-of-service condition on our IRC server is now NOT one.
Without the amplifiers, the source spoofing is useless. Yes, I know it's not
the real problem, but trying to get Lucent and ASCEND in particular to fix
this has proven fruitless over more than a year. All that is left is
interdiction; it's not perfect, but folks, it WORKS.
Karl Denninger (karl at MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost