Source address validation (was Re: UUNet Offer New Protection
E.B. Dreger
eddy+public+spam at noc.everquick.net
Mon Mar 8 01:22:00 UTC 2004
SD> Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST)
SD> From: Sean Donelan
SD> In practice, GWF's ... send reports about packets which have
SD> our IP addresses, but didn't originate here. The last thing

Probably because someone else failed to implement SAV. If
$origin_net prevented spoofing your IP space, you'd not have had
the problem.

If other networks prevented spoofed sources, nobody else could
source a packet from your address space. In this case, a packet
apparently sourced from your network definitely would have come
from your network. Therefore you'd no longer need to check to
see if a packet was spoofed.

Notice how AS_PATHs and netblock announcements tend to get
filtered. Why?

SD> you want to admit is you do SAV because GWF think SAV means
SD> every packet with that source address must have originated
SD> here.

Uh, no... a spoofed packet from someone else's network means you
had no control over it. That's pretty obvious.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
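
The point argued in the message above, that a network's address space is only protected from spoofing when the other networks validate sources at their own edges, shown as a small model. This is an added example, not part of the original message; the network names, prefixes (RFC 5737 documentation ranges) and packets are constructed.

```python
import ipaddress

# Constructed topology: hypothetical network names, documentation prefixes.
NETWORKS = {
    "netA": ipaddress.ip_network("192.0.2.0/24"),
    "netB": ipaddress.ip_network("198.51.100.0/24"),
    "netC": ipaddress.ip_network("203.0.113.0/24"),
}

# Constructed traffic: (network that really sent it, claimed source address).
PACKETS = [
    ("netA", "192.0.2.10"),    # legitimate
    ("netB", "192.0.2.99"),    # sent from netB, claims netA space
    ("netC", "198.51.100.7"),  # sent from netC, claims netB space
    ("netC", "203.0.113.5"),   # legitimate
]

def edge_permits(origin, src, sav_enabled):
    """Egress check at the origin's edge: with SAV deployed, only sources
    inside the origin's own prefix are allowed to leave."""
    if origin not in sav_enabled:
        return True  # no SAV here: any claimed source leaves the network
    return ipaddress.ip_address(src) in NETWORKS[origin]

def owner_of(src):
    """Name of the network whose prefix contains src, or None."""
    addr = ipaddress.ip_address(src)
    for name, prefix in NETWORKS.items():
        if addr in prefix:
            return name
    return None

def misattributed(packets, sav_enabled):
    """Packets that leave their origin while claiming a source address
    belonging to a different network than the one that sent them."""
    return [(origin, src) for origin, src in packets
            if edge_permits(origin, src, sav_enabled)
            and owner_of(src) != origin]

if __name__ == "__main__":
    # netA filtering alone does nothing for netA's address space;
    # the spoofed packets stop only as the *other* edges deploy SAV.
    for deployed in ({"netA"}, {"netA", "netC"}, set(NETWORKS)):
        print(sorted(deployed), "->", misattributed(PACKETS, deployed))
```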