Interesting People mailing list archives
IP: more on Internet Attacks and Critical Infrastructure Protectio n]
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 14 Feb 2000 16:47:55 -0500
X-Mailer: exmh version 2.1.1 10/15/1999 From: "Steven M. Bellovin" <smb () research att com> To: Dave Farber <farber () cis upenn edu> \ Dave -- someone forwarded to me Stewart Baker's comments on network authentication. I think there's a serious misunderstanding of what happened. Fundamentally, this latest round of attacks was on the recipient's network bandwidth. Very few of the packets actually reached the destination; whether or not they were authenticatable was completely irrelevant to the attacker. The packets did their harm just by the attempt to deliver them to the victim. In fact, mandatory authentication could make things worse, by creating new denial of service attacks. After all, cryptographic authentication is expensive, while emitting random packets is not. To be sure, ISPs can and should deploy anti-spoof filters on their access routers. (This is an IETF Best Current Practice, as spelled out in RFC 2267.) By blocking forged source addresses, attacks can easily be blocked or traced back to their origin. And doing this does not hurt customer privacy, since the source ISP already must know all legal addresses for each customer. --Steve Bellovin
Current thread:
- IP: more on Internet Attacks and Critical Infrastructure Protectio n] Dave Farber (Feb 14)