Firewall Wizards mailing list archives
Re: Recent Attacks
From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Thu, 17 Feb 2000 01:16:54 -0800
On 16 Feb 00, at 12:56, Bennett Todd boldly uttered:
Allowing forged source addrs in and out of your nets is bad hygiene.
I agree in many ways, but there are *some* cases where it can be legit and useful: ie some kinds of network troubleshooting, or for that matter, testing for things like smurf vulnerability :-)
And if DDoS attacks couldn't used forged source addrs, they couldn't use smurf to amplify their effects, and they couldn't be reused at all; the moment a victim starts capturing packets, they'd have the source addrs of all the machines in the attackers DDoS net --- and building those nets remains the relatively hard prep work for mounting one of these attacks. If we had universal ingress filtering, the moment someone started launching one of these the victim could start contacting the compromised sites, and if they refused to address their problem they could request that the streams by blocked by the compromised sites' providers.
Seems to me that the packet-authentication aspect of IPv6 would go a long way toward making sure you can track the source of packets too. IPv6 would solve a variety of things, including to help track down spammers. I'm thinking maybe we should start pushing for faster adoption of it. I wonder how many organizations used the Y2K upgrade opportunity to install IPv6-compatible hardware on their networks.
Current thread:
- Re: Recent Attacks, (continued)
- Message not available
- Re: Recent Attacks Marcus J. Ranum (Feb 15)
- Re: Recent Attacks Ryan Russell (Feb 15)
- Re: Recent Attacks Philip J. Koenig (Feb 16)
- Re: Recent Attacks Ryan Russell (Feb 17)
- Re: Recent Attacks David A. Wagner (Feb 21)
- Message not available
- Re: Recent Attacks Marcus J. Ranum (Feb 17)
- Re: Recent Attacks Ryan Russell (Feb 18)
- Message not available
- Re: Recent Attacks Terry Lee Moore (Feb 15)
- Re: Recent Attacks Marcus J. Ranum (Feb 16)
- Re: Recent Attacks Bennett Todd (Feb 16)
- Re: Recent Attacks Philip J. Koenig (Feb 17)
- Re: Recent Attacks Reverend Chris Cappuccio (Feb 17)
- Re: Recent Attacks Ge' Weijers (Feb 19)
- Re: Recent Attacks Malcolm Holser (Feb 17)
- Re: Recent Attacks Brad Van Orden (Feb 17)
- Re: Recent Attacks Philip J. Koenig (Feb 17)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 17)
- Re: Recent Attacks Philip J. Koenig (Feb 17)
- Re: Recent Attacks Ryan Russell (Feb 19)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 19)
- Message not available
- Re: Recent Attacks David LeBlanc (Feb 19)