nanog mailing list archives
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
From: Alex Bligh <alex () alex org uk>
Date: Sun, 07 Mar 2004 01:27:07 +0000
--On 06 March 2004 18:39 -0500 Sean Donelan <sean () donelan com> wrote:
Source address validation (or Cisco's term uRPF) is perhaps more widely deployed than people realize. Its not 100%, but what's interesting is despite its use, it appears to have had very little impact on DDOS or lots of other bad things.
...
But relatively few DDOS attacks use spoofed packets. If more did, they would be easier to deal with.
AIUI that's cause & effect: the gradual implementation of source-address validation has made attacks dependent on spoofing less attractive to perpetrators. Whereas the available of large pools of zombie machines has made the use of source spoofing unnecessary. Cisco et al have shut one door, but another one (some suggest labeled Microsoft) has opened. Those with long memories might draw parallels with the evolution of phreaking from abuse of the core, which became (reasonably) protected to abuse of unprotected PABXen. As I think I said only a couple of days ago, there is nothing new in the world. Alex
Current thread:
- Re: UUNet Offer New Protection Against DDoS, (continued)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- RE: UUNet Offer New Protection Against DDoS Michael Hallgren (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Dan Hollis (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 06)
- Re: UUNet Offer New Protection Against DDoS Paul Vixie (Mar 06)
- Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Alex Bligh (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)
- Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)