[60244] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Aug 4 18:03:04 2003
Date: Mon, 04 Aug 2003 16:59:53 -0500
From: Jack Bates <jbates@brightok.net>
To: Randy Bush <randy@psg.com>
Cc: bdragon@gweep.net, nanog@merit.edu
In-Reply-To: <E19jn4g-000MAY-2I@roam.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu
Randy Bush wrote:
>>anti-spoofing eliminates certain avenues of attack allowing one to focus
>>on remaining avenues, and hence (as Vix stated) is necessary but not
>>sufficient.
>
>
> it turns 1% of the technical problem into a massive social business
> problem which, even if it was solvable (which it practically isn't),
> would also be addressed by technical solutions where no spoofing is
> involved.
>
Spoofed packets are harder to trace to the source than non-spoofed
packets. Knowing where a malicious packet comes from is very important to the
process of trying to stop the malicious packet(s). Anyone without
anti-spoof filtering has no interest in managing their network, keeping
it secure, and assisting the Internet as a whole.

Without spoofing, one could take a list of 5,000 IP addresses involved
in an attack and say, "These are either compromised or direct attacks,"
and issue reports to the correct people (with a few scripts). With
spoofing, there is no reliable way of knowing if a host is compromised,
the attacker, or if it's just another IP being spoofed. In such cases,
one has to contact each IP owner and find out if spoof protection is
enabled. If it is, then the party needs to look into the problem. If
not, then it's just another waste of time.
-Jack
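
The "few scripts" workflow described in the message above, sketched as an added example that is not part of the original post: attack source IPs are grouped by the most specific covering prefix and turned into one report per responsible contact. The prefix table, contact addresses and log lines are constructed, and the attribution only means something when the logged sources are not spoofed.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-contact table (documentation ranges, hypothetical
# contacts). In practice this would be built from whois/RIR or routing data.
PREFIX_CONTACTS = {
    "192.0.2.0/24": "abuse@isp-a.example",
    "198.51.100.0/24": "abuse@isp-b.example",
    "198.51.100.128/25": "abuse@customer-of-b.example",
}

# Constructed sample of attack log lines: "<source ip> <packet count>"
SAMPLE_LOG = """\
192.0.2.10 1200
198.51.100.7 300
198.51.100.200 4500
192.0.2.10 800
203.0.113.5 50
not-an-ip 10
"""

def find_contact(ip, table):
    """Longest-prefix match of ip against (network, contact) pairs."""
    best = None
    for net, contact in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, contact)
    return best[1] if best else None

def build_reports(log_text, prefix_contacts=PREFIX_CONTACTS):
    """Return {contact: {source_ip: total_packets}} for the given log."""
    table = [(ipaddress.ip_network(p), c) for p, c in prefix_contacts.items()]
    reports = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
            count = int(parts[1])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        # Sources with no known owner are kept, not dropped, for manual lookup.
        contact = find_contact(ip, table) or "UNKNOWN"
        reports[contact][str(ip)] += count
    return {c: dict(ips) for c, ips in reports.items()}

if __name__ == "__main__":
    for contact, ips in sorted(build_reports(SAMPLE_LOG).items()):
        print(contact)
        for ip, count in sorted(ips.items()):
            print(f"  {ip}  {count} packets")
```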