[68264] in North American Network Operators' Group


Re: Source address validation (was Re: UUNet Offer New Protection

daemon@ATHENA.MIT.EDU (Laurence F. Sheldon, Jr.)
Sun Mar 7 13:15:54 2004

Date: Sun, 07 Mar 2004 12:14:58 -0600
From: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>
Cc: nanog@merit.edu
In-Reply-To: <20040307200655.D95823@snow.fingers.co.za>
Errors-To: owner-nanog-outgoing@merit.edu


fingers wrote:

> just a question
> 
> why is DDoS the only issue mentioned wrt source address validation?
> 
> i'm sure there's other reasons to make sure your customers can't send
> spoofed packets. they might not always be as news-worthy, but i feel it's
> a provider's duty to do this. it shouldn't be optional (talking
> specifically about urpf on customer interfaces, loose where needed)


Because _Distributed_ is the hot buzzword of the day.

At least one of us thinks clean traffic is a Good Thing all the time.

Packets that can't possibly be used for anything ought to be dumped at
the earliest possible opportunity as soon as it is apparent (or could
be if anybody looked) that they are "from" addresses that can't be
reached or have any other obviously fatal defect.



