nanog mailing list archives
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sun, 7 Mar 2004 20:32:48 +0000 (GMT)
On Sun, 7 Mar 2004, fingers wrote:
just a question why is DDoS the only issue mentioned wrt source address validation?
its easier to discuss than other things... for instance the number of broken vpn/nat systems out there that uRPF will break. Also, the folks with private addressed cores that will start appearing 'broken' when traceroute/unreachables stop working across their networks...
i'm sure there's other reasons to make sure your customers can't send spoofed packets. they might not always be as news-worthy, but i feel it's a provider's duty to do this. it shouldn't be optional (talking specifically about urpf on customer interfaces, loose where needed)
I'm not sure that anyone would argue that uRPF is bad, the arguement is in it's placement. I do think that part still needs to be worked out, that and making sure that your equipment can handle the task. There are certainly some people hampered by early adoption of some technologies which they can't get out from under in any reasonable fashion. --Chris (formerly chris () uu net) ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-886-3823 (C)703-338-7319 ## #######################################################
Current thread:
- Re: Source address validation (was Re: UUNet Offer New Protection, (continued)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Dan Hollis (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) fingers (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) vijay gill (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: UUNet Offer New Protection Against DDoS Alex Bligh (Mar 06)
- Re: UUNet Offer New Protection Against DDoS Patrick W . Gilmore (Mar 03)
- Re: UUNet Offer New Protection Against DDoS Alex Bligh (Mar 04)
- Re: UUNet Offer New Protection Against DDoS Avleen Vig (Mar 04)
- Re: UUNet Offer New Protection Against DDoS Mark Kasten (Mar 03)