nanog mailing list archives

RE: dsl providers that will route /24


From: "David Schwartz" <davids () webmaster com>
Date: Thu, 29 Mar 2001 15:08:24 -0800



They could do almost exactly the same amount of damage with an
unspoofed UDP flood and it would still take a human action to stop it.

This is a false premise. I get hit with one-off attacks pretty often
(oversized pings against my NT boxes, etc.), which are impossible to
trace because of invalid source addresses.

Source filters would mean that those attacks would be identifiable
period, which they are not now.

        Not so. You could still never be sure whether the attack was spoofed or
not. That the address the attacks appear to come from employs source filters
doesn't help you.

        At least if they're spoofed and the origin network logs packets that appear
spoofed, the one-off attack will be investigated and whatever caused it to
happen will be actually fixed. If it's not spoofed, it won't trigger
anything at its origin, and odds are the origin site will be unable to do
anything because the attack may have been spoofed and there will be no local
logs.

        So long as spoofing is possible, you cannot be sure where an attack came
from unless you can either log it at its source or trace the stream to its
source. That's the problem, and filters don't fix that.

        DS
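The "log it at its source" point above, as an added illustration that is not part of the thread: a toy customer-edge ingress filter that drops packets whose source address lies outside the prefixes assigned to that edge and writes a log line for each. The prefixes and packets are constructed sample values, and the filter shows the asymmetry the post describes: spoofed packets leave a record at the origin, an unspoofed flood passes through and leaves none.

```python
import ipaddress
from dataclasses import dataclass

# Constructed: address space assigned to the customer behind this edge.
ASSIGNED_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str


def is_valid_source(src: str, prefixes=ASSIGNED_PREFIXES) -> bool:
    """True if src falls inside a prefix this edge is allowed to originate."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as not ours
    # An IPv4 address is never "in" an IPv6 network and vice versa.
    return any(addr in net for net in prefixes)


def ingress_filter(packets, prefixes=ASSIGNED_PREFIXES):
    """Forward packets with a valid source; drop and log the rest.

    Returns (forwarded, log_lines). The log is what the origin network
    would examine when a spoofed one-off attack is reported to it.
    """
    forwarded, log = [], []
    for pkt in packets:
        if is_valid_source(pkt.src, prefixes):
            forwarded.append(pkt)
        else:
            log.append(f"DROP spoofed src={pkt.src} dst={pkt.dst} proto={pkt.proto}")
    return forwarded, log


# Constructed traffic: one normal flow, two spoofed packets, and an
# unspoofed flood that passes the filter without producing a log entry.
SAMPLE_PACKETS = [
    Packet("198.51.100.20", "203.0.113.9", "tcp"),
    Packet("203.0.113.77", "192.0.2.5", "icmp"),         # spoofed IPv4
    Packet("2001:db8:ffff::1", "2001:db8:2::5", "udp"),  # spoofed IPv6
] + [Packet("198.51.100.99", "192.0.2.5", "udp")] * 3    # unspoofed flood


def run_demo():
    """Run the sample traffic through the filter; returns (count forwarded, log)."""
    forwarded, log = ingress_filter(SAMPLE_PACKETS)
    return len(forwarded), log


if __name__ == "__main__":
    n_fwd, log_lines = run_demo()
    print(f"forwarded={n_fwd}")
    print("\n".join(log_lines))
```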

