Source address validation (was Re: UUNet Offer New Protection Against DDoS)
E.B. Dreger
eddy+public+spam at noc.everquick.net
Sun Mar 7 18:58:36 UTC 2004
SD> Date: Sat, 6 Mar 2004 22:04:58 -0500 (EST)
SD> From: Sean Donelan
SD> Would you rather ISPs spend money to
SD> 1. Deploying S-BGP?
SD> 2. Deploying uRPF?
SD> 3. Respond to incident reports?
Let's look at the big picture instead of taking a shallow mutex
approach.
If SAV were universal (ha ha ha!), one could discount spoofed
traffic when analyzing flows. But, hey, why bother playing nice
and helping other networks, eh?
Am I the only one who's had IWFs -- even legitimate entities --
complain about packets "from your network" that weren't? It
certainly would have been nice if $other_networks had used SAV.
SAV doesn't take long to implement. Considering the time spent
discounting spoofing when responding to incidents, I think there
would be a _net_ savings (no pun intended) in time spent
responding to incidents.
Alas, that requires cooperation and doesn't provide instantaneous
gratification. If it doesn't make/save a quick buck, why bother?
Detection of sarcasm is left as an exercise to the reader.
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.