Source address validation (was Re: UUNet Offer New Protection Against DDoS)

• Previous message (by thread): Source address validation (was Re: UUNet Offer New Protection Against DDoS)
• Next message (by thread): Source address validation (was Re: UUNet Offer New Protection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 6 Mar 2004, Dan Hollis wrote:
> sadly the prevailing thought seems to be 'we cant block every exploit so
> we will block none'. this (and others) are used as an excuse to not deploy
> urpf on edge interfaces facing singlehomed customers.

This is one of the few locations SAV/uRPF consistently works.  SAV/uRPF is
widely (but not 100%) deployed int those location.  However I think you
are mis-stating the issue.  I do not know of anyone that has stated your
reason as the reason not to deploy SAV/uRPF on non-routing interfaces.
The issue which prompt this thread was deploying uRPF on multi-path
backbone interfaces using active routing.

How many exploits does uRPF block?

Biometric smart cards may do wonders for credit card fraud.  Why don't
credit card companies replace all existing cards with them?

Does uRPF solve more problems than it causes, and saves more than it
costs?

• Previous message (by thread): Source address validation (was Re: UUNet Offer New Protection Against DDoS)
• Next message (by thread): Source address validation (was Re: UUNet Offer New Protection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]