|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: dsl providers that will route /24
> On Thu, 29 Mar 2001 15:08:24 PST, David Schwartz said: > > So long as spoofing is possible, you cannot be sure where > > an attack came > And spoofing is possible because people don't filter. No, spoofing is possible because the protocol has no source authentication capability. > > from unless you can either log it at its source or trace the > > stream to its > > source. That's the problem, and filters don't fix that. > So we shouldn't filter at the source because we can't fix the > problem unless we're filtering at the source? I never said people shouldn't filter. I've always maintained that filters are a useful tool. Filters just don't solve this particular problem. > Or are you saying that because seat belts fail 1% of the time, we > shouldn't use them to help in the other 99% of the crashes? No. I'm saying that so long as spoofing is possible without detection, you can never be sure where an attack is really coming from without cooperation from the source network. These are real problems, and filtering doesn't solve them. DS
|