Source address validation (was Re: UUNet Offer New Protection Against DDoS)

E.B. Dreger eddy+public+spam at noc.everquick.net
Mon Mar 8 02:02:58 UTC 2004


CLM> Date: Mon, 8 Mar 2004 01:32:51 +0000 (GMT)
CLM> From: Christopher L. Morrow


CLM> in a perfect world yes[...]
CLM> Until this is a default behaviour and you can't screw it up
CLM> (ala directed-broadcast) this will be something we all have
CLM> to deal with.

Yes.  But the only way we'll get there is 1) a flag day or 2) if
we gradually work in that direction.


CLM> it melts routers, good enough for you? Specifically it
CLM> melts linecards :(

:-(


CLM> This is a problem that could be migrated out as new
CLM> equipment/capabilities hit everyone's networks. I suspect
CLM> that market pressure will push things in this direction
CLM> anyway over time.

...and hopefully will be safe-by-default.  Anyone who has
multihomed downstreams should be clued enough to disable strict
SAV as needed -- similar to, yet the opposite of, manually
configuring OSPF to treat interfaces as passive by default.

As for low-end routers, uRPF is supported on 26xx.  I don't know
about a 16xx or 25xx... a scary thought, but chances are such a
router would have a very small list of reachable netblocks to
check.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
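
Why strict SAV has to be relaxed for multihomed downstreams, as an added example that is not part of the original message: a simplified model of the strict and loose uRPF checks over a constructed FIB. The prefixes, interface names and function names are all assumptions made for the illustration.

```python
import ipaddress

# Constructed FIB (assumption): prefix -> interface of the best route.
# The customer on cust0 is multihomed: it announces 198.51.100.0/24 to us
# and the more-specific 198.51.100.128/25 only to its other provider, so
# our best path back to that half of its space points at upstream0.
FIB = {
    "192.0.2.0/24": "cust1",          # single-homed customer
    "198.51.100.0/24": "cust0",       # multihomed customer, covering prefix
    "198.51.100.128/25": "upstream0", # same customer, learned via upstream
}


def lookup(src):
    """Longest-prefix match on the source address; returns interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def sav_permits(src, in_if, mode="strict"):
    """Strict: best route to src must point back out in_if.
    Loose: any route to src is enough."""
    out_if = lookup(src)
    if out_if is None:
        return False          # no route at all: dropped in both modes
    if mode == "loose":
        return True
    return out_if == in_if


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "cust1"),      # legitimate, single-homed
        ("198.51.100.200", "cust0"),  # legitimate, but asymmetric return path
        ("192.0.2.10", "cust0"),      # source belongs to a different customer
        ("203.0.113.9", "cust1"),     # unrouted source
    ]
    for src, in_if in cases:
        print(src, in_if,
              "strict:", sav_permits(src, in_if, "strict"),
              "loose:", sav_permits(src, in_if, "loose"))
```

The second case is the multihomed one: strict mode drops legitimate traffic, while loose mode passes it at the cost of also passing the third case.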



