nanog mailing list archives

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

From: Dan Hollis <goemon () anime net>
Date: Sat, 6 Mar 2004 18:55:20 -0800 (PST)


On Sun, 7 Mar 2004, Paul Vixie wrote:

don't be lulled into some kind of false sense of security by the fact
that YOU are not seeing spoofed packets TODAY.  let's close the doors we
CAN close, and give attackers fewer options.


sadly the prevailing thought seems to be 'we cant block every exploit so 
we will block none'. this (and others) are used as an excuse to not deploy 
urpf on edge interfaces facing singlehomed customers.

its a fatalistic approach to dealing with network abuse, and its retarded.

-Dan

Current thread:

RE: UUNet Offer New Protection Against DDoS, (continued)
- - - RE: UUNet Offer New Protection Against DDoS Michael Hallgren (Mar 05)
    - Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 05)
    - Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
    - Re: UUNet Offer New Protection Against DDoS Dan Hollis (Mar 05)
    - Re: UUNet Offer New Protection Against DDoS Christopher L. Morrow (Mar 05)
    - Re: UUNet Offer New Protection Against DDoS Steve Francis (Mar 06)
    - Re: UUNet Offer New Protection Against DDoS Paul Vixie (Mar 06)
    - Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Alex Bligh (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)

(Thread continues...)