no ip forged-source-address

Charles D Hammonds hammonds at attens.com
Thu Oct 31 06:56:54 UTC 2002


Analogy games are fun, but it boils down to this... If I know the real
source of an attack, I can stop it within minutes. I'm sure that my
customers appreciate that fact. No one will ever completely stop attacks; the
point is to minimize their impact. That is my concern as a service provider.
Also, from the victim's perspective, you have someone to hold accountable.

Charles

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
Christopher L. Morrow
Sent: Wednesday, October 30, 2002 10:47 PM
To: Valdis.Kletnieks at vt.edu
Cc: Christopher L. Morrow; nanog at nanog.org
Subject: Re: no ip forged-source-address





On Thu, 31 Oct 2002 Valdis.Kletnieks at vt.edu wrote:

> On Thu, 31 Oct 2002 06:21:00 GMT, "Christopher L. Morrow" said:
>
> > I'm confused.. it's still a DoS attack, eh??
>
> It's the difference between:
>
> A) Going out to your car at the end of a too-long day and finding a
> broken taillight.
>
> B) Going out to your car at the end of a too-long day and finding a
> broken taillight and a business card under the windshield wiper that
> has "Sorry - call me and I'll pay for it" written on the back.
>

I think the spoofed source filtering is more a red herring than anything
else. It's not the fix for anything related to this problem of attacks on
the internet. Spoofed or non, I can forward 1,000,000 pps at your network and
it will die (most times).

This is like trying to fix a rotten, decayed tooth with Trident.




