On Wed, 30 Oct 2002, Charles D Hammonds wrote:
analogy games are fun, but it boils down to this... If I know the real source of an attack, I can stop it within minutes. I'm sure that my customers appreciate that fact. Noone will ever completely stop attacks, the point is to minimize their impact. that is my concern as a service provider. also, from the victim's perspective, you have someone to hold accountable.
again, spoofed or non, at the egress to the customer you just need to make the traffic stop. Whether they are spoofed isn't an issue.
Charles
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Christopher L. Morrow Sent: Wednesday, October 30, 2002 10:47 PM To: Valdis.Kletnieks@vt.edu Cc: Christopher L. Morrow; nanog@nanog.org Subject: Re: no ip forged-source-address
On Thu, 31 Oct 2002 Valdis.Kletnieks@vt.edu wrote:
On Thu, 31 Oct 2002 06:21:00 GMT, "Christopher L. Morrow" said:
I'm confused.. its still a DoS attack, eh??
It's the difference between:
A) Going out to your car at the end of a too-long day and finding a broken taillight.
B) Going out to your car at the end of a too-long day and finding a broken taillight and a business card under the windshield wiper that has "Sorry - call me and I'll pay for it" written on the back.
I think the spoofed source filtering is more a red-herring than anything else. Its not the fix for anything related to this problem of attacks on the internet. Spoofed or non, I can forward 1,000,000pps at your network and it will die (most times).
This is like trying to fix a rotten decayed tooth with trident.