|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: dsl providers that will route /24
> > They could do almost exactly the same amount of damage with an > > unspoofed UDP flood and it would still take a human action to stop it. > > This is a false premise. I get hit with one-off attacks pretty often > (oversized pings against my NT boxes, etc.), which are impossible to > trace because of invalid source addresses. > > Source filters would mean that those attacks would be identifiable > period, which they are not now. Not so. You could still never be sure whether the attack was spoofed or not. That the address the attacks appear to come from employ source filters doesn't help you. At least if they're spoofed and the origin network logs packets that appear spoofed, the one off attack will be investigated and whatever caused it to happen will be actually fixed. If it's not spoofed, it won't trigger anything at its origin, and odds are the origin site will be unable to do anything because the attack may have been spoofed and there will be no local logs. So long as spoofing is possible, you cannot be sure where an attack came from unless you can either log it at its source or trace the stream to its source. That's the problem, and filters don't fix that. DS
|