nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

From: Sean Donelan <sean () donelan com>
Date: Sat, 6 Mar 2004 22:04:58 -0500 (EST)

On Sun, 7 Mar 2004, Paul Vixie wrote:

don't be lulled into some kind of false sense of security by the fact
that YOU are not seeing spoofed packets TODAY.  let's close the doors we
CAN close, and give attackers fewer options.


I don't have a false sense of security.  We have lots of open doors and
windows and even missing walls.  Let's close the doors we can close, but
buying screen doors for igloos may not be the best use of resources.  uRPF
doesn't actually prevent any attacks.

Would you rather ISPs spend money to
        1. Deploying S-BGP?
        2. Deploying uRPF?
        3. Respond to incident reports?
Previous By Date Next
Previous By Thread Next

Current thread: