|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: no ip forged-source-address
analogy games are fun, but it boils down to this... If I know the real source of an attack, I can stop it within minutes. I'm sure that my customers appreciate that fact. Noone will ever completely stop attacks, the point is to minimize their impact. that is my concern as a service provider. also, from the victim's perspective, you have someone to hold accountable. Charles -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Christopher L. Morrow Sent: Wednesday, October 30, 2002 10:47 PM To: [email protected] Cc: Christopher L. Morrow; [email protected] Subject: Re: no ip forged-source-address On Thu, 31 Oct 2002 [email protected] wrote: > On Thu, 31 Oct 2002 06:21:00 GMT, "Christopher L. Morrow" said: > > > I'm confused.. its still a DoS attack, eh?? > > It's the difference between: > > A) Going out to your car at the end of a too-long day and finding a > broken taillight. > > B) Going out to your car at the end of a too-long day and finding a > broken taillight and a business card under the windshield wiper that > has "Sorry - call me and I'll pay for it" written on the back. > I think the spoofed source filtering is more a red-herring than anything else. Its not the fix for anything related to this problem of attacks on the internet. Spoofed or non, I can forward 1,000,000pps at your network and it will die (most times). This is like trying to fix a rotten decayed tooth with trident.
|