[16450] in North American Network Operators' Group
Re: filtering spoofed addresses cheaply
daemon@ATHENA.MIT.EDU (Karl Denninger)
Sun Apr 26 10:58:22 1998
Date: Sun, 26 Apr 1998 09:06:26 -0500
From: Karl Denninger <karl@mcs.net>
To: Randy Bush <randy@psg.com>
Cc: William Allen Simpson <wsimpson@greendragon.com>, nanog@merit.edu
In-Reply-To: <m0yTLDw-0007zWC@rip.psg.com>; from Randy Bush on Sat, Apr 25, 1998 at 11:47:00PM -0700
On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote:
> one view is that the clue is in the core where it is too late to fix it.
> and the place it needs to be fixed is at the edges, where the tools are weak
> and the clues seem (given empirical evidence) too few and far apart. this
> will change very slowly as market forces move clue toward the edges (on the
> backs of flying pigs) or the edges wither.
>
> another view is that the site of the cause is not where the pain of the
> effect is felt. hence the incentive to fix is small. this would seem only
> susceptible to vigilante acts, which is not cool. better ideas welcome.
>
> randy

Well, yes and no.

Blocking the amplifiers, forcing them to repent and fix their routers (or
lose connectivity) WORKS, Randy. I'm living proof, because what was a
nightly out-of-service condition on our IRC server is now NOT one.

Without the amplifiers, the source spoofing is useless. Yes, I know it's not
the real problem, but trying to get Lucent and ASCEND in particular to fix
this has proven fruitless over more than a year. All that is left is
interdiction; it's not perfect, but folks, it WORKS.

--
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost