On Thu, 29 Mar 2001, David Schwartz spewed:
> If they were spoofed, they wouldn't have to because we'd already be investigating. And even if they're not spoofed, you can't know they're not spoofed, so there's no way to know you got the right person.
WTF?: Yes we CAN tell if they're spoofed. It's easy. If EVERYONE stops peering with and listening to announcements from dumb@$$ operators who refuse to implement PREVENTATIVE measures. It's just that simple. Modify peering and transit agreements to include a "If you're a dumbass, we shut your silly ass off!" clause. David, don't bank on peering or obtaining transit from ANYONE that I have ANY influence on.
> Well that's the real problem. Every attack is potentially spoofed and there are no good tools for dealing with spoofed attacks. Filtering doesn't solve either of those two problems.
They are ONLY potentially spoofed because there are STILL lame operators like yourself out there that refuse to implement PREVENTATIVE MEASURES!
> Again, no. A unicast UDP flood can do just as much damage. So filters do not reduce the damage.
How's that? The last time I checked, my "are you a customer" filters worked against both TCP and UDP. It sounds like you're just LAZY. Do you mind if I quote you to the next reporter who calls?
> And until we get a really good solution, a really good workaround is not letting spoofed packets into your network from your customers.
> Exactly -- the problem is there's no good way to tell a spoofed packet from an unspoofed packet. Some form of source authentication would solve that.
Um, David... Do you actually READ the list or do you just randomly reply? Here's a clue for you. 1) Require that your customers notify you of any source addresses that they'll be using *PRIOR* to allowing them through. Tunneling is MUCH more rare than spoofing. 2) Require that your customers (BGP speakers) register their networks in RADB or whichever database you choose. (Don't worry. From the sounds of it, NONE of us want your customers...the spoofing b@$tard$...and as such, we're not really interested in who they are beyond filtering them.)
> DS
..still not going there.
---
John Fraizer
EnterZone, Inc
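The customer-facing "are you a customer" ingress filter and the register-your-source-prefixes-first requirement argued for in this thread, as an added example that is not part of the original post or of any operator's router configuration: a small Python model of a per-customer-port source-address check, run over constructed packets. The customer names, prefixes, and packet samples are made up, and the check is deliberately protocol-agnostic so it treats TCP and UDP the same way.

```python
import ipaddress
from dataclasses import dataclass

# Constructed registry (hypothetical): the source prefixes each customer
# declared in advance, i.e. the "notify you PRIOR" / RADB registration step.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("198.51.100.0/24")],
    "cust-b": [ipaddress.ip_network("203.0.113.0/25"),
               ipaddress.ip_network("203.0.113.128/26")],   # .128-.191 only
}

@dataclass(frozen=True)
class Packet:
    ingress_customer: str   # which customer port the packet arrived on
    proto: str              # "tcp" or "udp"; ignored by the check on purpose
    src: str
    dst: str

def ingress_allowed(pkt: Packet) -> bool:
    """The 'are you a customer' check: forward only if the source address
    lies inside a prefix registered for the port it came in on. A port with
    no registration gets nothing through (default deny)."""
    src = ipaddress.ip_address(pkt.src)
    prefixes = CUSTOMER_PREFIXES.get(pkt.ingress_customer, [])
    return any(src in p for p in prefixes)

def filter_packets(packets):
    """Apply the check; return (forwarded packets, drop log lines)."""
    forwarded, log = [], []
    for pkt in packets:
        if ingress_allowed(pkt):
            forwarded.append(pkt)
        else:
            log.append(f"DROP spoof-candidate port={pkt.ingress_customer} "
                       f"{pkt.proto} {pkt.src} -> {pkt.dst}")
    return forwarded, log

# Constructed sample traffic: two legitimate packets, then a UDP and a TCP
# packet with unregistered sources, one customer using another's space,
# and one packet from a port that never registered anything.
SAMPLE = [
    Packet("cust-a", "tcp", "198.51.100.7", "192.0.2.10"),
    Packet("cust-b", "udp", "203.0.113.150", "192.0.2.10"),
    Packet("cust-a", "udp", "10.9.8.7", "192.0.2.10"),
    Packet("cust-b", "tcp", "203.0.113.200", "192.0.2.10"),
    Packet("cust-a", "tcp", "203.0.113.5", "192.0.2.10"),
    Packet("unregistered", "udp", "198.51.100.7", "192.0.2.10"),
]

if __name__ == "__main__":
    ok, dropped = filter_packets(SAMPLE)
    print(f"forwarded={len(ok)} dropped={len(dropped)}")
    print("\n".join(dropped))
```

The drop log is the detection side of the same filter: each line names the customer port a bad source arrived on, which is exactly the "who to shut off" information the thread says spoofed traffic otherwise hides.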