Re: WANTED: ISPs with DDoS defense solutions

["Christopher L. Morrow" <chris () UU NET>]

On Wed, 6 Aug 2003, Paul Vixie wrote:

> > More and more there is less and less spoofing, its just not required and
> > it causes more damage with less effort :( Why spoof when you have 1000
> > machines pumping 1 packet per second? (or 10)
>
> leaving the spoofing option open for future generations of attacks,
> rather than having a witch-hunt and tracking down and upgrading every
> insecure edge, is just about the worst thing we could do.  because
> when an attacker wants an extra edge, they'll add spoofing to their
> attack profile, and the core's immune system will be totally unprepared.

I don't believe I ever said that the edges shouldn't filter... did I?