North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: no ip forged-source-address
- From: Randy Bush
- Date: Thu Oct 31 08:24:57 2002
> analogy games are fun, but it boils down to this... If I know the real
> source of an attack, I can stop it within minutes.
the real source of the attack is the skript kitty who zombied the 10,000
hosts which are sourcing packets at you. the intermediate sources are the
10,000 zombies, and trying to deal with them at the source just does not
scale. though i sympathize with the frustration the attack victim feels,
i find the net.vigilanteeism amusing at best and misdirecting of people's
efforts at worst. the places where the counter-attack is scalable are
at the real perp and at the attacked site. finding the former is still
a matter of research. the known scalable counter to the latter is still
<http://nanog.org/mtg-0102/bellovin.html>.
randy
|
