nanog mailing list archives
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Mon, 8 Mar 2004 02:02:58 +0000 (GMT)
CLM> Date: Mon, 8 Mar 2004 01:32:51 +0000 (GMT) CLM> From: Christopher L. Morrow CLM> in a perfect world yes[...] CLM> Until this is a default behaviour and you can't screw it up CLM> (ala directed-broadcast) this will be something we all have CLM> to deal with. Yes. But the only way we'll get there is 1) a flag day or 2) if we gradually work in that direction. CLM> it melts routers, good enough for you? Specifically it CLM> melts linecards :( :-( CLM> This is a problem that could be migrated out as new CLM> equipment/capabilities hit everyone's networks. I suspect CLM> that market pressure will push things in this direction CLM> anyway over time. ...and hopefully will be safe-by-default. Anyone who has multihomed downstreams should be clued enough to disable strict SAV as needed -- similar to, yet the opposite of, manually configuring OSPF to treat interfaces as passive by default. As for low-end routers, uRPF is supported on 26xx. I don't know about a 16xx or 25xx... a scary thought, but chances are such a router would have a very small list of reachable netblocks to check. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist () brics com -or- alfra () intc net -or- curbjmp () intc net Sending mail to spambait addresses is a great way to get blocked.
Current thread:
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS), (continued)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Stephen J. Wilcox (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Joe Provo (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Henry Linneweh (Mar 08)