[60246] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Mon Aug 4 19:00:32 2003
To: randy@psg.com (Randy Bush)
Date: Mon, 4 Aug 2003 18:59:52 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <E19jn4g-000MAY-2I@roam.psg.com> from "Randy Bush" at Aug 04, 2003 02:41:01 PM
From: bdragon@gweep.net
Errors-To: owner-nanog-outgoing@merit.edu
> >>>> Filtering the bogons does help, and everyone should perform anti-spoofing
> >>>> in the appropriate places. It isn't, however, a silver bullet.
> >>> it's necessary but not sufficient.
> >> anti-spoofing is useful, but vastly insufficient, and hence not necessary
> > anti-spoofing eliminates certain avenues of attack allowing one to focus
> > on remaining avenues, and hence (as Vix stated) is necessary but not
> > sufficient.
>
> it turns 1% of the technical problem into a massive social business
> problem which, even if it was solvable (which it practically isn't),
> would also be addressed by technical solutions where no spoofing is
> involved.
>
> but it would provide a lot of fun and soapboxes for wannabe net
> police and vigilantes.
>
> randy
What is your solution which addresses the 100%? 99%? 50%?
What problems does anti-spoofing create?
