i'm surprised there has been no discussion of turning off source routing on major backbones to help alleviate this problem. all of the focus seems to be on the edges of the networks when in fact the attackers are "running right up the middle". i'm not disagreeing that providers need to filter on the edges but the "big guys" are just as responsible as the "little guys". i know what a can of worms this is because source routing is quite useful in tracking down network and routing problems but it seems to me the danger it imposes today outweighs it's usefulness. -brett
In message <199609180636.XAA01860@batcave.genuity.net>, "Brett D. Watson" write s:
i'm surprised there has been no discussion of turning off source routing on major backbones to help alleviate this problem. all of the focus seems to be on the edges of the networks when in fact the attackers are "running right up the middle". i'm not disagreeing that providers need to filter on the edges but the "big guys" are just as responsible as the "little guys".
i know what a can of worms this is because source routing is quite useful in tracking down network and routing problems but it seems to me the danger it imposes today outweighs it's usefulness.
-brett
If source routing is blocked at the end site it doesn't help any toturn it off in the backbones and turning it off destroys the ability to trace routing problems that customers report (short of finger pointing to another provider or giving the customer the run around by successive handoffs to other NOCs debugging, any "I can't get there from here" is sort of hopeless if you can't traceroute -g). Curtis
participants (2)
-
Brett D. Watson
-
Curtis Villamizar