North American Network Operators Group

RE: no ip forged-source-address

  • From: Randy Bush
  • Date: Thu Oct 31 08:24:57 2002

> analogy games are fun, but it boils down to this... If I know the real
> source of an attack, I can stop it within minutes.

the real source of the attack is the skript kitty who zombied the 10,000
hosts which are sourcing packets at you.  the intermediate sources are the
10,000 zombies, and trying to deal with them at the source just does not
scale.  though i sympathize with the frustration the attack victim feels,
i find the net.vigilantism amusing at best and misdirecting of people's
efforts at worst.  the places where the counter-attack is scalable are
at the real perp and at the attacked site.  finding the former is still
a matter of research.  the known scalable counter to the latter is still
<http://nanog.org/mtg-0102/bellovin.html>.

randy