North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Source address validation (was Re: UUNet Offer New Protection
[email protected] (Sean Donelan) writes: > SAV doesn't tell you where the packets came from. At best SAV tells you > where the packets didn't come from. ...which is incredibly more valuable than not knowing anything at all. > You would be wrong. There are networks that have deployed SAV/uRPF. > > They saw no _net_ savings. > > In the real world, it costs more to deploy and maintain SAV/uRPF. in the therefore-unreal world i live in, the ability to tell a GWF ("goober with firewall") that the incident report they sent our noc could not possibly have come from here, is a net cost savings over having to prove it every time. > Have you noticed this thread is full of people who don't run large > networks saying other people who do run networks should deploy SAV/uRPF. distinguishingly, i do help run a network, and i'm not limiting my accusation ("you guys are slackers") to uPRF-free networks of any particular size ("big"). -- Paul Vixie
|