Firewall Wizards mailing list archives

Re: Recent Attacks


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Thu, 17 Feb 2000 01:16:54 -0800

On 16 Feb 00, at 12:56, Bennett Todd boldly uttered: 

Allowing forged source addrs in and out of your nets is bad hygiene.


I agree in many ways, but there are *some* cases where it can
be legit and useful: i.e. some kinds of network troubleshooting,
or for that matter, testing for things like smurf vulnerability :-)


And if DDoS attacks couldn't use forged source addrs, they couldn't
use smurf to amplify their effects, and they couldn't be reused at
all; the moment a victim starts capturing packets, they'd have the
source addrs of all the machines in the attacker's DDoS net --- and
building those nets remains the relatively hard prep work for
mounting one of these attacks. If we had universal ingress
filtering, the moment someone started launching one of these the
victim could start contacting the compromised sites, and if they
refused to address their problem they could request that the streams
be blocked by the compromised sites' providers.


Seems to me that the packet-authentication aspect of IPv6
would go a long way toward making sure you can track the
source of packets too.  

IPv6 would solve a variety of things, including helping to
track down spammers.  I'm thinking maybe we should start 
pushing for faster adoption of it.  I wonder how many 
organizations used the Y2K upgrade opportunity to install 
IPv6-compatible hardware on their networks.
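
The source-address filtering discussed in this thread, as an added example that is not part of the original posts: a border decision function that drops forged sources in both directions and directed-broadcast traffic of the kind smurf amplification relies on. The prefixes, function names and sample packets are constructed assumptions for illustration.

```python
import ipaddress

# Constructed example values: documentation prefixes stand in for a site's real nets.
SITE_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Sources that are never valid on a packet arriving from the Internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def in_any(ip, nets):
    """True if the address falls inside any of the given networks."""
    return any(ip in net for net in nets)


def verdict(direction, src, dst):
    """Border decision for one packet; direction is 'out' (site to provider) or 'in'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        # Egress: only the site's own prefixes may appear as a source when leaving.
        return "pass" if in_any(s, SITE_NETS) else "drop: forged source leaving site"
    if direction != "in":
        raise ValueError("direction must be 'in' or 'out'")
    # Ingress: nothing arriving from outside can legitimately carry an inside source.
    if in_any(s, SITE_NETS):
        return "drop: outside packet claims an internal source"
    if in_any(s, BOGON_NETS):
        return "drop: unroutable source"
    # Smurf amplification needs the site to accept traffic sent to a subnet broadcast.
    if any(d in (n.network_address, n.broadcast_address) for n in SITE_NETS):
        return "drop: directed broadcast"
    return "pass"


# Constructed sample packets: (direction, source, destination).
SAMPLE = [
    ("out", "192.0.2.10", "203.0.113.5"),
    ("out", "203.0.113.77", "203.0.113.5"),
    ("in", "192.0.2.10", "192.0.2.20"),
    ("in", "10.1.2.3", "192.0.2.20"),
    ("in", "203.0.113.9", "192.0.2.255"),
    ("in", "203.0.113.9", "198.51.100.7"),
]


def run(packets=SAMPLE):
    """Return the verdict for each packet, in order."""
    return [verdict(*p) for p in packets]


if __name__ == "__main__":
    for pkt, v in zip(SAMPLE, run()):
        print(pkt, "->", v)
```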






