[53111] in North American Network Operators' Group


RE: no ip forged-source-address

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu Oct 31 02:07:35 2002

Date: Thu, 31 Oct 2002 07:07:10 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Charles D Hammonds <hammonds@attens.com>
Cc: "Christopher L. Morrow" <chris@UU.NET>,
	<Valdis.Kletnieks@vt.edu>, <nanog@nanog.org>
In-Reply-To: <DKEIKHLNEFOCCNBGBCDGGEPFGHAA.hammonds@attens.com>
Errors-To: owner-nanog-outgoing@merit.edu



On Wed, 30 Oct 2002, Charles D Hammonds wrote:

> Analogy games are fun, but it boils down to this... If I know the real
> source of an attack, I can stop it within minutes. I'm sure that my
> customers appreciate that fact. No one will ever completely stop attacks, the
> point is to minimize their impact. That is my concern as a service provider.
> Also, from the victim's perspective, you have someone to hold accountable.

Again, spoofed or non, at the egress to the customer you just need to make
the traffic stop. Whether they are spoofed isn't an issue.

>
> Charles
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Christopher L. Morrow
> Sent: Wednesday, October 30, 2002 10:47 PM
> To: Valdis.Kletnieks@vt.edu
> Cc: Christopher L. Morrow; nanog@nanog.org
> Subject: Re: no ip forged-source-address
>
>
>
>
>
> On Thu, 31 Oct 2002 Valdis.Kletnieks@vt.edu wrote:
>
> > On Thu, 31 Oct 2002 06:21:00 GMT, "Christopher L. Morrow" said:
> >
> > > I'm confused.. it's still a DoS attack, eh??
> >
> > It's the difference between:
> >
> > A) Going out to your car at the end of a too-long day and finding a
> > broken taillight.
> >
> > B) Going out to your car at the end of a too-long day and finding a
> > broken taillight and a business card under the windshield wiper that
> > has "Sorry - call me and I'll pay for it" written on the back.
> >
>
> I think the spoofed source filtering is more a red herring than anything
> else. It's not the fix for anything related to this problem of attacks on
> the internet. Spoofed or non, I can forward 1,000,000pps at your network and
> it will die (most times).
>
> This is like trying to fix a rotten decayed tooth with trident.
>
>

