On Sun, Mar 07, 2004 at 08:48:00PM +0000, Christopher L. Morrow wrote:
actually, it would. universal uRPF would stop some attacks, and it would remove a "plan B" option for some attack-flowcharts. i would *much* rather play defense without facing this latent weapon available to the offense.
I'm agreeing here, okay (yet another) example: smurf attacks. These seem to be non-existent these days so shall we stop disabling 'ip directed-broadcast' on our routers?
smurf attacks are far from 'non-existent' today, however they are not as popular as in 1999-2000-2001. In fact netscan.org still shows almost 9k networks that are 'broken'.
A few of us tried (like netscan, only more aggressively on a weekly basis) to find and try to get closed, smurf amplifiers in the RIPE region. We eventually gave up after closing ~20k, when the last few k refused to do anything at all. "My network is just a /30! Who cares, you're only getting TWO replies back for ONE packet, it's not like the big amplifiers! I'm not going to fix this!". To anyone with this attitude: You are an idiot.

--
Avleen Vig
Systems Administrator
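The thread argues about amplifiers and about how many replies a given prefix can actually generate. The following is an added example, not part of the thread and not anything the posters ran; it shows what an operator can check on the defender's side: given a list of its own prefixes and a batch of flow records, it flags ICMP echo-requests aimed at a subnet's directed-broadcast address, bounds the worst-case reply count per prefix (a /30 really can only answer with two replies, a /24 with 254), and spots the other half of a smurf, many local hosts sending echo-replies to one outside victim. The prefixes, addresses and flow tuples are constructed from documentation ranges, and the flow record layout (src, dst, proto, icmp_type, packets) is an assumption about how you would export NetFlow or pcap summaries.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: prefixes the operator routes (assumption, documentation ranges).
LOCAL_PREFIXES = ["192.0.2.0/24", "198.51.100.0/30", "203.0.113.0/25"]

# Constructed flow summaries: (src, dst, proto, icmp_type, packets).
# 198.18.0.7 plays the spoofed "victim" address in both halves of a smurf.
SAMPLE_FLOWS = [
    ("198.18.0.7", "192.0.2.255", "icmp", 8, 500),     # echo-request to /24 broadcast
    ("198.18.0.7", "198.51.100.3", "icmp", 8, 500),    # echo-request to /30 broadcast
    ("198.18.0.7", "203.0.113.127", "icmp", 8, 20),    # echo-request to /25 broadcast
    ("198.18.0.7", "192.0.2.10", "icmp", 8, 3),        # ordinary unicast ping, not flagged
    ("192.0.2.10", "198.18.0.7", "icmp", 0, 3),        # echo-replies from local hosts
    ("192.0.2.44", "198.18.0.7", "icmp", 0, 500),      # converging on one outside address
    ("192.0.2.45", "198.18.0.7", "icmp", 0, 500),
    ("192.0.2.46", "198.18.0.7", "icmp", 0, 500),
    ("198.18.9.9", "198.18.0.7", "icmp", 0, 50),       # reply from a non-local source, ignored
]


def amplification_bound(prefix):
    """Maximum distinct echo-replies one directed-broadcast packet can elicit:
    every usable host address in the prefix. /31 and /32 have no broadcast."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen >= 31:
        return 0
    return net.num_addresses - 2


def broadcast_map(prefixes):
    """Map each prefix's directed-broadcast address back to the prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return {n.broadcast_address: n for n in nets if n.prefixlen < 31}


def find_directed_broadcast(flows, prefixes):
    """Flag echo-requests whose destination is one of our broadcast addresses,
    i.e. traffic that 'no ip directed-broadcast' on the last-hop router would drop."""
    bcast = broadcast_map(prefixes)
    hits = []
    for src, dst, proto, icmp_type, packets in flows:
        net = bcast.get(ipaddress.ip_address(dst))
        if net is None or proto != "icmp" or icmp_type != 8:
            continue
        hits.append({
            "src": src,
            "dst": dst,
            "prefix": str(net),
            "packets": packets,
            "worst_case_replies": packets * amplification_bound(net),
        })
    return hits


def reply_fanin(flows, prefixes, min_sources=3):
    """Detect the amplifier side in progress: many local hosts sending
    echo-replies to the same outside address. Returns {victim: summary}."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    by_victim = defaultdict(lambda: {"sources": set(), "packets": 0})
    for src, dst, proto, icmp_type, packets in flows:
        if proto != "icmp" or icmp_type != 0:
            continue
        src_addr = ipaddress.ip_address(src)
        if not any(src_addr in n for n in nets):
            continue
        entry = by_victim[dst]
        entry["sources"].add(src)
        entry["packets"] += packets
    return {
        victim: {"sources": len(e["sources"]), "packets": e["packets"]}
        for victim, e in by_victim.items()
        if len(e["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for hit in find_directed_broadcast(SAMPLE_FLOWS, LOCAL_PREFIXES):
        print("directed-broadcast echo-request:", hit)
    for victim, summary in reply_fanin(SAMPLE_FLOWS, LOCAL_PREFIXES).items():
        print("reply fan-in toward", victim, summary)
```

The worst-case figure is deliberately an upper bound (every host address answering), so the /30 comes out at 2 replies per packet exactly as the quoted operator says, and the /24 at 254; the point of computing it per prefix is that the fix is the same one-line router change regardless of the ratio. The fan-in check is the one worth wiring to an alert, since it fires on traffic your own hosts are already emitting.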