[68259] in North American Network Operators' Group

Re: Source address validation (was Re: UUNet Offer New Protection

daemon@ATHENA.MIT.EDU (Paul Vixie)
Sun Mar 7 02:24:07 2004

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 07 Mar 2004 07:22:08 +0000
In-Reply-To: <Pine.GSO.4.58.0403062206310.6699@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu


sean@donelan.com (Sean Donelan) writes:

> How many exploits does uRPF block?

that's hard to measure since we end up not receiving those.  but one can
assume that spoofed-source attacks aren't tried, either because (1) it's
easier to just use a high number of windows-xp drones, or because of (2)
uRPF deployment.

> Does uRPF solve more problems than it causes, and saves more than it costs?

until you know what percentage of the attacks you don't see is due to (1)
vs (2) above, you can't really pose that question meaningfully.  anytime
there's a way to protect against a whole class of attack weapons, we have
to deploy it.  this is war, information warfare.  let's deprive the enemy
of options until we can force them to meet us on our own chosen terms.
-- 
Paul Vixie
