nanog mailing list archives
Re: Permitting spoofed traffic [Was: Re: ddos attack blog]
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Fri, 14 Feb 2014 19:09:46 -0500
On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote: [snip]
Taken to the logical extreme, the "right thing" to do is to deny any spoofed traffic from abusing these services altogether. NTP is not the only one; there is also SNMP, DNS, etc.
...and then we're back to "implement BCP38 already!" (like one of the authors of the document didn't think of that, ferg? ;-) NB: Some Entities believe all filtering is 'bcp 38' and thus have given this stone-dead logical and sane practice a bad rap. If someone is sloppy with their IRR-based filters or can't drive loose RPF correctly, that isn't the fault of BCP38. The document specifically speaks to aggregation points, most clearly in the introduction: "In other words, if an ISP is aggregating routing announcements for multiple downstream networks, strict traffic filtering should be used to prohibit traffic which claims to have originated from outside of these aggregated announcements." This goes for access, hosting, and most recently virtual hosting in teh cloude. Stop forgery at your edges and your life will be easier. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / CotSG / Usenix / NANOG
Current thread:
- ddos attack blog Cb B (Feb 13)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Re: ddos attack blog Paul Ferguson (Feb 13)
- Re: ddos attack blog John (Feb 13)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Re: ddos attack blog Mark Tinka (Feb 14)
- Re: ddos attack blog Wayne E Bouchard (Feb 14)
- Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Joe Provo (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Jeff Kell (Feb 14)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Message not available
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Larry Sheldon (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: ddos attack blog John (Feb 14)
- <Possible follow-ups>
- Re: ddos attack blog Hal Murray (Feb 14)
- Re: ddos attack blog joel jaeggli (Feb 14)