On Thu, 31 Oct 2002, Christopher L. Morrow wrote:
I think the spoofed source filtering is more a red herring than anything else. It's not the fix for anything related to this problem of attacks on the internet. Spoofed or non, I can forward 1,000,000pps at your network and it will die (most times).
I agree, but
This is like trying to fix a rotten decayed tooth with Trident.
Wouldn't you rather the dentist know which tooth to drill, instead of randomly drilling all of your teeth hoping to get the cavity? I can pretty much predict, after source address validation becomes widely used, someone will come up with the idea of blackholing attacking hosts. Of course, since many of these systems use DHCP, the zombies will just release and get new addresses.