North American Network Operators Group

Re: Source address validation (was Re: UUNet Offer New Protection

  • From: E.B. Dreger
  • Date: Sun Mar 07 20:24:27 2004

SD> Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST)
SD> From: Sean Donelan


SD> In practice, GWF's ... send reports about packets which have
SD> our IP addresses, but didn't originate here.  The last thing

Probably because someone else failed to implement SAV.  If
$origin_net prevented spoofing your IP space, you'd not have had
the problem.

If other networks prevented spoofed sources, nobody else could
source a packet from your address space.  In this case, a packet
apparently sourced from your network definitely would have come
from your network.  Therefore you'd no longer need to check to
see if a packet was spoofed.

Notice how AS_PATHs and netblock announcements tend to get
filtered.  Why?


SD> you want to admit is you do SAV because GWF think SAV means
SD> every packet with that source address must have originated
SD> here.

Uh, no... a spoofed packet from someone else's network means you
had no control over it.  That's pretty obvious.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  [email protected] -or- [email protected] -or- [email protected]
Sending mail to spambait addresses is a great way to get blocked.
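
The argument in the message above, modeled as an added example that is not part of the original post: each network either limits outbound packets to its own prefixes (SAV) or does not, and `possible_origins` lists the networks a packet with a given source address could have left. The network names, the RFC 5737 documentation prefixes and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample topology: hypothetical network names, RFC 5737 documentation prefixes.
NETWORKS = {
    "origin_net": {"prefixes": ["198.51.100.0/24"], "sav": False},
    "third_net": {"prefixes": ["203.0.113.0/24"], "sav": True},
    "your_net": {"prefixes": ["192.0.2.0/24"], "sav": True},
}


def edge_permits(net, src):
    """Outbound SAV check: with SAV on, only sources inside the network's own prefixes leave."""
    if not net["sav"]:
        return True  # no filtering, any claimed source address gets out
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in net["prefixes"])


def possible_origins(networks, src):
    """Networks that could have emitted a packet carrying source address src."""
    return sorted(name for name, net in networks.items() if edge_permits(net, src))


def with_sav_everywhere(networks):
    """Copy of the topology in which every network validates source addresses."""
    return {name: {**net, "sav": True} for name, net in networks.items()}


if __name__ == "__main__":
    claimed = "192.0.2.10"  # an address inside your_net's space
    print("today:         ", possible_origins(NETWORKS, claimed))
    print("SAV everywhere:", possible_origins(with_sav_everywhere(NETWORKS), claimed))
```

With one unfiltered network in the topology, the source address alone cannot attribute the packet; once every edge filters, the only possible origin is the network that holds the prefix.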