North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: filtering spoofed addresses cheaply
On Sat, Apr 25, 1998 at 11:47:00PM -0700, Randy Bush wrote: > one view is that the clue is in the core where it is too late to fix it. > and the place it needs to be fixed is at the edges, where the tools are weak > and the clues seem (given empirical evidence) too few and far apart. this > will change very slowly as market forces move clue toward the edges (on the > backs of flying pigs) or the edges wither. > > another view is that the site of the cause is not where the pain of the > effect is felt. hence the incentive to fix is small. this would seem only > susceptible to vigilante acts, which is not cool. better ideas welcome. > > randy Well, yes and no. Blocking the amplifiers, forcing them to repent and fix their routers (or lose connectivity) WORKS Randy. I'm living proof, because what was a nightly out-of-service condition on our IRC server is now NOT one. Without the amplifiers, the source spoofing is useless. Yes, I know its not hte real problem, but trying to get Lucent and ASCEND in particular to fix this has proven fruitless over more than a year. All that is left is interdiction; its not perfect, but folks, it WORKS. -- -- Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
|