Re: filtering spoofed addresses cheaply

[Karl Denninger <karl () mcs net>]

On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote:
> one view is that the clue is in the core where it is too late to fix it.
> and the place it needs to be fixed is at the edges, where the tools are weak
> and the clues seem (given empirical evidence) too few and far apart.  this
> will change very slowly as market forces move clue toward the edges (on the
> backs of flying pigs) or the edges wither.
>
> another view is that the site of the cause is not where the pain of the
> effect is felt.  hence the incentive to fix is small.  this would seem only
> susceptible to vigilante acts, which is not cool.  better ideas welcome.
>
> randy

Well, yes and no.

Blocking the amplifiers, forcing them to repent and fix their routers (or
lose connectivity) WORKS Randy.  I'm living proof, because what was a
nightly out-of-service condition on our IRC server is now NOT one.

Without the amplifiers, the source spoofing is useless.  Yes, I know its not
hte real problem, but trying to get Lucent and ASCEND in particular to fix
this has proven fruitless over more than a year.  All that is left is
interdiction; its not perfect, but folks, it WORKS.

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost