Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: dsl providers that will route /24

  • From: David Schwartz
  • Date: Thu Mar 29 21:49:48 2001


> On Thu, 29 Mar 2001 15:08:24 PST, David Schwartz said:
> > 	So long as spoofing is possible, you cannot be sure where
> > an attack came

> And spoofing is possible because people don't filter.

	No, spoofing is possible because the protocol has no source authentication
capability.

> > from unless you can either log it at its source or trace the
> > stream to its
> > source. That's the problem, and filters don't fix that.

> So we shouldn't filter at the source because we can't fix the
> problem unless we're filtering at the source?

	I never said people shouldn't filter. I've always maintained that filters
are a useful tool. Filters just don't solve this particular problem.

> Or are you saying that because seat belts fail 1% of the time, we
> shouldn't use them to help in the other 99% of the crashes?

	No. I'm saying that so long as spoofing is possible without detection, you
can never be sure where an attack is really coming from without cooperation
from the source network.

	These are real problems, and filtering doesn't solve them.

	DS






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.