North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: what's that smell?
- From: Iljitsch van Beijnum
- Date: Tue Oct 08 10:42:45 2002
On Tue, 8 Oct 2002, Kelly J. Cooper wrote:
> Also, egress filtering is NOT easy,
I don't care. And it doesn't have to be egress filtering as such,
filtering packets you receive from your customers will work just as well.
> Plus, lots of attacks these days are mixing spoofed and legit traffic,
> or doing limited spoofing (i.e. picking random addresses on the LAN
> where they originate to make it past filters).
What's your point? That because someone can do bad thing #1 that can't be
prevented, we should allow them to do bad thing #2 that can?
If they use (semi-) legitmate addresses, at the very least I can track
them and with some effort I can filter them. If they spoof then I can't do
anything. This is not acceptable.