On Thu, 29 Mar 2001 15:08:24 PST, David Schwartz said:
So long as spoofing is possible, you cannot be sure where an attack came
And spoofing is possible because people don't filter.
No, spoofing is possible because the protocol has no source authentication capability.
from unless you can either log it at its source or trace the stream to its source. That's the problem, and filters don't fix that.
So we shouldn't filter at the source because we can't fix the problem unless we're filtering at the source?
I never said people shouldn't filter. I've always maintained that filters are a useful tool. Filters just don't solve this particular problem.
Or are you saying that because seat belts fail 1% of the time, we shouldn't use them to help in the other 99% of the crashes?
No. I'm saying that so long as spoofing is possible without detection, you can never be sure where an attack is really coming from without cooperation from the source network. These are real problems, and filtering doesn't solve them. DS