Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

  • From: Paul Vixie
  • Date: Sat Mar 06 21:13:46 2004

> After all these years, perhaps its time to re-examine the assumptions.

it's always fun and useful to re-example assumptions.  for example, anyone
who assumes that because the attacks they happen to see, or the attacks
they hear about lately, don't use spoofed source addresses -- that spoofing
is no longer a problem, needs to re-examine that assumption.

for one thing, spoofed sources could be occurring outside local viewing.

for another thing, spoofed sources could be "plan B" when other attacks
aren't effective.

the last thing is, this is war.  information warfare.  the enemy knows us
better than we know them, and their cost of failure is drastically lower
than our cost of failure.

don't be lulled into some kind of false sense of security by the fact
that YOU are not seeing spoofed packets TODAY.  let's close the doors we
CAN close, and give attackers fewer options.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.