[60297] in North American Network Operators' Group
Re: WANTED: ISPs with DDoS defense solutions
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Aug 5 21:38:44 2003
Date: Wed, 6 Aug 2003 01:36:03 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g37k5rlhzo.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 6 Aug 2003, Paul Vixie wrote:
>
> > More and more there is less and less spoofing, it's just not required and
> > it causes more damage with less effort :( Why spoof when you have 1000
> > machines pumping 1 packet per second? (or 10)
>
> leaving the spoofing option open for future generations of attacks,
> rather than having a witch-hunt and tracking down and upgrading every
> insecure edge, is just about the worst thing we could do. because
> when an attacker wants an extra edge, they'll add spoofing to their
> attack profile, and the core's immune system will be totally unprepared.
I don't believe I ever said that the edges shouldn't filter... did I?