[23802] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Dan Hollis)
Fri Apr 23 21:22:14 1999
Date: Fri, 23 Apr 1999 18:20:37 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: Randy Bush <randy@psg.com>
Cc: Andrew Brown <atatat@atatdot.net>,
John Leong <johnleong@research.bell-labs.com>, nanog@merit.edu
In-Reply-To: <m10apck-0008G4C@rip.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 23 Apr 1999, Randy Bush wrote:
> huh? for packet filtering, which is what we've been discussing, my
> experience is quite the opposite. one can't really afford packet
> filters on routers with oc12s. and in a multi-path universe, filtering
> for source address spoofing is best done at the edges anyway.
Wonder if its too much to ask the backbones to do sanity checks on their
customers T1 lines etc. Eg they arent smurf amplifiers, they have spoof
filters, yadda yadda.
If this happened perhaps the rate of DoS attacks would go down
-Dan
