[68291] in North American Network Operators' Group
Re: Source address validation (was Re: UUNet Offer New Protection
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun Mar 7 21:03:36 2004
Date: Mon, 8 Mar 2004 02:02:58 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0403080121280.15373@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu

CLM> Date: Mon, 8 Mar 2004 01:32:51 +0000 (GMT)
CLM> From: Christopher L. Morrow

CLM> in a perfect world yes[...]

CLM> Until this is a default behaviour and you can't screw it up
CLM> (ala directed-broadcast) this will be something we all have
CLM> to deal with.

Yes. But the only way we'll get there is 1) a flag day or 2) if
we gradually work in that direction.

CLM> it melts routers, good enough for you? Specifically it
CLM> melts linecards :(

:-(

CLM> This is a problem that could be migrated out as new
CLM> equipment/capabilities hit everyone's networks. I suspect
CLM> that market pressure will push things in this direction
CLM> anyway over time.

...and hopefully will be safe-by-default. Anyone who has
multihomed downstreams should be clued enough to disable strict
SAV as needed -- similar to, yet the opposite of, manually
configuring OSPF to treat interfaces as passive by default.

As for low-end routers, uRPF is supported on 26xx. I don't know
about a 16xx or 25xx... a scary thought, but chances are such a
router would have a very small list of reachable netblocks to
check.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
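
Added example, not part of the original message or thread: a simplified model of the strict and loose uRPF checks discussed above, showing why strict SAV drops legitimate traffic from a multihomed downstream. The FIB contents, the interface names and the `best_route` / `urpf_permits` helpers are assumptions made for illustration, and the default route is treated as a non-match unless `allow_default` is set.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: prefix -> egress interface
# of the best route. Prefixes are documentation ranges, names are made up.
FIB = {
    "0.0.0.0/0": "upstream0",
    "192.0.2.0/24": "cust1",         # single-homed customer
    "198.51.100.0/24": "upstream0",  # multihomed customer attached on cust2,
                                     # best path is via its other provider
}

def best_route(src, fib=FIB):
    """Longest-prefix match on the source address; (network, iface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in fib.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_permits(src, in_iface, mode="strict", allow_default=False, fib=FIB):
    """Model of the uRPF decision for a packet from src arriving on in_iface."""
    route = best_route(src, fib)
    if route is None:
        return False
    net, iface = route
    if net.prefixlen == 0 and not allow_default:
        return False                 # only the default route covers src
    if mode == "loose":
        return True                  # any specific route is enough
    return iface == in_iface         # strict: must arrive on the best-path iface

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "cust1"),     # legitimate single-homed source
        ("203.0.113.5", "cust1"),    # spoofed: no specific route
        ("198.51.100.7", "cust2"),   # legitimate, but asymmetric best path
        ("192.0.2.10", "cust2"),     # another customer's prefix, spoofed
    ]
    for src, iface in cases:
        for mode in ("strict", "loose"):
            verdict = "permit" if urpf_permits(src, iface, mode) else "drop"
            print(f"{src:>14} on {iface:<6} {mode:<6} -> {verdict}")
```

The last case shows the cost of relaxing the check: loose mode permits a source from another customer's prefix, because it only asks whether some route to the source exists.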