Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Source address validation (was Re: UUNet Offer New Protection AgainstDDoS)

  • From: Sean Donelan
  • Date: Sat Mar 06 18:41:39 2004

On Sat, 6 Mar 2004, Paul Vixie wrote:
> (and according to that text, it was a 9-year-old idea at that time.)
>
> it's now 2004.  how much longer do we want to have this problem?

Source address validation (or Cisco's term uRPF) is perhaps more widely
deployed than people realize.  Its not 100%, but what's interesting is
despite its use, it appears to have had very little impact on DDOS or
lots of other bad things.

Root and other DNS servers bear the brunt of misconfigured (not
necessarily malicious attack) devices.  So some people's point of
view may be different.  But relatively few DDOS attacks use spoofed
packets.  If more did, they would be easier to deal with.

After all these years, perhaps its time to re-examine the assumptions.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.