nanog mailing list archives

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)


From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sun, 7 Mar 2004 18:58:36 +0000 (GMT)


SD> Date: Sat, 6 Mar 2004 22:04:58 -0500 (EST)
SD> From: Sean Donelan


SD> Would you rather ISPs spend money to
SD>     1. Deploying S-BGP?
SD>     2. Deploying uRPF?
SD>     3. Respond to incident reports?

Let's look at the big picture instead of taking a shallow mutex
approach.

If SAV were universal (ha ha ha!), one could discount spoofed
traffic when analyzing flows.  But, hey, why bother playing nice
and helping other networks, eh?

Am I the only one who's had IWFs -- even legitimate entities --
complain about packets "from your network" that weren't?  It
certainly would have been nice if $other_networks had used SAV.

SAV doesn't take long to implement.  Considering the time spent
discounting spoofing when responding to incidents, I think there
would be a _net_ savings (no pun intended) in time spent
responding to incidents.

Alas, that requires cooperation and doesn't provide instantaneous
gratification.  If it doesn't make/save a quick buck, why bother?

Detection of sarcasm is left as an exercise to the reader.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist () brics com -or- alfra () intc net -or- curbjmp () intc net
Sending mail to spambait addresses is a great way to get blocked.

