On Wed, 30 Oct 2002, Charles D Hammonds wrote:
Analogy games are fun, but it boils down to this... If I know the real source of an attack, I can stop it within minutes. I'm sure that my customers appreciate that fact. No one will ever completely stop attacks; the point is to minimize their impact. That is my concern as a service provider. Also, from the victim's perspective, you have someone to hold accountable.
Again, spoofed or non, at the egress to the customer you just need to make the traffic stop. Whether they are spoofed isn't an issue.
It is a lot easier to stop when you know whom you have to stop. Why is UUNET so opposed to uRPF? If performance concerns, what effort has been made to address them with the vendor? Why is it that others (I believe ATT was mentioned) can do it with no apparent performance impact? Is it philosophical, and nothing would get you to change? What about financial, more DoS traffic equals more revenue and bad sources means complaints may go elsewhere deflecting cost from the abuse/security budget? Do you just not like us? Let's solve whatever issues you believe to exist, so we can do _something_ rather than sitting around not doing anything all the time. What would it take to get UUNET to do something? What about the other large ISPs? What would it take for you to do something? Chris is gracious enough to show up and participate, at least even if it does mean he has to wear nomex.