Source address validation (was Re: UUNet Offer New Protection Against DDoS)

• Previous message (by thread): Source address validation (was Re: UUNet Offer New Protection
• Next message (by thread): Source address validation (was Re: UUNet Offer New Protection Against DDoS)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 7 Mar 2004, Paul Vixie wrote:
> don't be lulled into some kind of false sense of security by the fact
> that YOU are not seeing spoofed packets TODAY.  let's close the doors we
> CAN close, and give attackers fewer options.

I don't have a false sense of security.  We have lots of open doors and
windows and even missing walls.  Let's close the doors we can close, but
buying screen doors for igloos may not be the best use of resources.  uRPF
doesn't actually prevent any attacks.

Would you rather ISPs spend money to
	1. Deploying S-BGP?
	2. Deploying uRPF?
	3. Respond to incident reports?

• Previous message (by thread): Source address validation (was Re: UUNet Offer New Protection
• Next message (by thread): Source address validation (was Re: UUNet Offer New Protection Against DDoS)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]