[68265] in North American Network Operators' Group
Re: Source address validation (was Re: UUNet Offer New Protection
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun Mar 7 13:59:11 2004
Date: Sun, 7 Mar 2004 18:58:36 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0403062114300.6699@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
SD> Date: Sat, 6 Mar 2004 22:04:58 -0500 (EST)
SD> From: Sean Donelan
SD> Would you rather ISPs spend money to
SD> 1. Deploying S-BGP?
SD> 2. Deploying uRPF?
SD> 3. Respond to incident reports?
Let's look at the big picture instead of a taking a shallow mutex
approach.
If SAV were universal (ha ha ha!), one could discount spoofed
traffic when analyzing flows. But, hey, why bother playing nice
and helping other networks, eh?
Am I the only one who's had IWFs -- even legitimate entities --
complain about packets "from your network" that weren't? It
certainly would have been nice if $other_networks had used SAV.
SAV doesn't take long to implement. Considering the time spent
discounting spoofing when responding to incidents, I think there
would be a _net_ savings (no pun intended) in time spent
responding to incidents.
Alas, that requires cooperation and doesn't provide instantaneous
gratification. If it doesn't make/save a quick buck, why bother?
Detection of sarcasm is left as an exercise to the reader.
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
