nanog mailing list archives
Re: Source address validation (was Re: UUNet Offer New Protection
From: Sean Donelan <sean () donelan com>
Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST)
On Sun, 7 Mar 2004, Paul Vixie wrote:
in the therefore-unreal world i live in, the ability to tell a GWF ("goober with firewall") that the incident report they sent our noc could not possibly have come from here, is a net cost savings over having to prove it every time.
Of course, some people claim large networks say that anyway so there is not net cost savings :-) In practice, GWF's do not send reports to noc's about packets which could not have possibly have come from here. They send reports about packets which have our IP addresses, but didn't originate here. The last thing you want to admit is you do SAV because GWF think SAV means every packet with that source address must have originated here. Whether or not we do SAV or everyone else does SAV, it doesn't save any time validating if a packet stream originated here. Did the packet actually originate here, or did SAV fail somewhere and it originated somewhere else? Dear NOC, 192.5.5.241 is attacking me. Prove it isn't. Rinse, Lather, Repeat. Maybe you got hacked in the last 5 seconds, and now you really are attacking them.
Current thread:
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS), (continued)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Paul Vixie (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 07)