filtering spoofed addresses cheaply

Karl Denninger karl at
Sun Apr 26 14:06:26 UTC 1998

On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote:
> one view is that the clue is in the core where it is too late to fix it.
> and the place it needs to be fixed is at the edges, where the tools are weak
> and the clues seem (given empirical evidence) too few and far apart.  this
> will change very slowly as market forces move clue toward the edges (on the
> backs of flying pigs) or the edges wither.
> another view is that the site of the cause is not where the pain of the
> effect is felt.  hence the incentive to fix is small.  this would seem only
> susceptible to vigilante acts, which is not cool.  better ideas welcome.
> randy

Well, yes and no.

Blocking the amplifiers, forcing them to repent and fix their routers (or
lose connectivity) WORKS, Randy.  I'm living proof, because what was a
nightly out-of-service condition on our IRC server is now NOT one.

Without the amplifiers, the source spoofing is useless.  Yes, I know it's not
the real problem, but trying to get Lucent and ASCEND in particular to fix
this has proven fruitless over more than a year.  All that is left is
interdiction; it's not perfect, but folks, it WORKS.

