nanog mailing list archives
Re: no ip forged-source-address
From: Barney Wolff <barney () tp databus com>
Date: Wed, 30 Oct 2002 14:52:18 -0500
On Wed, Oct 30, 2002 at 09:26:30PM +0200, Hank Nussbacher wrote:
Traceback would get me instantly back to the offending subnet but then it would take a bit of digging on the network admin to track me down and applying RPF checking won't help.
Sure. But do you really want to give up a 95% solution just because it doesn't get you the last inch? We have no solution that will do that. Being able instantly to identify the subnets from which DDoS traffic is coming would make shutting off those subnets during the attack possible*, and that in turn would motivate the subnet owners to clean up their hosts. * I suspect that an attack that actually comes from 1000 compromised hosts does not come from nearly that many subnets. Is there any data? As a historical note, I put SAA in the filters for the ATT Worldnet dialup network from its very start in 1995. Work by smb on the dangers of spoofed source addresses was already public then. It's long past time for the rest of the world to catch up. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.
Current thread:
- no ip forged-source-address variable (Oct 30)
- Re: no ip forged-source-address Jesper Skriver (Oct 30)
- Re: no ip forged-source-address variable () ednet co uk (Oct 30)
- Re: no ip forged-source-address Jesper Skriver (Oct 30)
- Re: no ip forged-source-address variable () ednet co uk (Oct 30)
- Re: no ip forged-source-address Lars Erik Gullerud (Oct 30)
- Re: no ip forged-source-address Jared Mauch (Oct 30)
- Re: no ip forged-source-address Hank Nussbacher (Oct 30)
- Re: no ip forged-source-address Barney Wolff (Oct 30)
- Re: no ip forged-source-address Craig A. Huegen (Oct 30)
- Re: no ip forged-source-address Jared Mauch (Oct 30)
- Re: no ip forged-source-address Petri Helenius (Oct 30)
- RE: no ip forged-source-address Tony Hain (Oct 30)
- Re: no ip forged-source-address Jim Forster (Oct 30)
- Message not available
- Re: no ip forged-source-address Daniel Senie (Oct 30)
- Re: no ip forged-source-address Jesper Skriver (Oct 30)
- <Possible follow-ups>
- Re: no ip forged-source-address Daniel Senie (Oct 30)
- Re: no ip forged-source-address variable () ednet co uk (Oct 30)
- RE: no ip forged-source-address Tony Hain (Oct 30)
- RE: no ip forged-source-address Daniel Senie (Oct 30)
- Re: no ip forged-source-address variable () ednet co uk (Oct 30)