[68289] in North American Network Operators' Group


Re: Source address validation (was Re: UUNet Offer New Protection

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun Mar 7 20:22:25 2004

Date: Mon, 8 Mar 2004 01:22:00 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0403071726450.9086@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu


SD> Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST)
SD> From: Sean Donelan


SD> In practice, GWF's ... send reports about packets which have
SD> our IP addresses, but didn't originate here.  The last thing

Probably because someone else failed to implement SAV.  If
$origin_net prevented spoofing your IP space, you'd not have had
the problem.

If other networks prevented spoofed sources, nobody else could
source a packet from your address space.  In this case, a packet
apparently sourced from your network definitely would have come
from your network.  Therefore you'd no longer need to check to
see if a packet was spoofed.

Notice how AS_PATHs and netblock announcements tend to get
filtered.  Why?


SD> you want to admit is you do SAV because GWF think SAV means
SD> every packet with that source address must have originated
SD> here.

Uh, no... a spoofed packet from someone else's network means you
had no control over it.  That's pretty obvious.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.

