[68248] in North American Network Operators' Group

Re: Source address validation (was Re: UUNet Offer New Protection

daemon@ATHENA.MIT.EDU (Dan Hollis)
Sat Mar 6 21:55:58 2004

Date: Sat, 6 Mar 2004 18:55:20 -0800 (PST)
From: Dan Hollis <goemon@anime.net>
To: Paul Vixie <paul@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <20040307021141.3964A14750@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 7 Mar 2004, Paul Vixie wrote:
> don't be lulled into some kind of false sense of security by the fact
> that YOU are not seeing spoofed packets TODAY.  let's close the doors we
> CAN close, and give attackers fewer options.

sadly the prevailing thought seems to be 'we can't block every exploit so
we will block none'. this (and others) are used as an excuse to not deploy
urpf on edge interfaces facing single-homed customers.

it's a fatalistic approach to dealing with network abuse, and it's retarded.

-Dan

