North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WANTED: ISPs with DDoS defense solutions
On Wed, 6 Aug 2003, Paul Vixie wrote: > > > More and more there is less and less spoofing, its just not required and > > it causes more damage with less effort :( Why spoof when you have 1000 > > machines pumping 1 packet per second? (or 10) > > leaving the spoofing option open for future generations of attacks, > rather than having a witch-hunt and tracking down and upgrading every > insecure edge, is just about the worst thing we could do. because > when an attacker wants an extra edge, they'll add spoofing to their > attack profile, and the core's immune system will be totally unprepared. I don't believe I ever said that the edges shouldn't filter... did I?
|