no ip forged-source-address

bdragon at bdragon at
Mon Nov 4 22:27:51 UTC 2002

> On Wed, 30 Oct 2002, Charles D Hammonds wrote:
> > analogy games are fun, but it boils down to this... If I know the real
> > source of an attack, I can stop it within minutes. I'm sure that my
> > customers appreciate that fact. Noone will ever completely stop attacks, the
> > point is to minimize their impact. that is my concern as a service provider.
> > also, from the victim's perspective, you have someone to hold accountable.
> again, spoofed or non, at the egress to the customer you just need to make
> the traffic stop. Whether they are spoofed isn't an issue.

It is a lot easier to stop when you know whom you have to stop.

Why is uunet so opposed to uRPF? If performance concerns, what effort
has been made to address them with the vendor? Why is it that others
(I believe ATT was mentioned) can do it with no apparent performance
impact? Is it philosophical, and nothing would get you to change? What
about financial, more dos traffic equals more revenue and bad sources
means complaints may go elsewhere deflecting cost from the abuse/security
budget? Do you just not like us?

Let's solve whatever issues you believe to exist, so we can do _something_
rather than sitting around not doing anything all the time. What would
it take to get uunet to do something?

What about the other large isps? What would it take for you to do
something? Chris is gracious enough to show up and participate, at
least even if it does mean he has to wear nomex.

More information about the NANOG mailing list