North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
- From: Paul Vixie
- Date: Sat Mar 06 23:36:52 2004
> buying screen doors for igloos may not be the best use of resources. uRPF
> doesn't actually prevent any attacks.
actually, it would. universal uRPF would stop some attacks, and it would
remove a "plan B" option for some attack-flowcharts. i would *much* rather
play defense without facing this latent weapon available to the offense.
> Would you rather ISPs spend money to
> 1. Deploying S-BGP?
> 2. Deploying uRPF?
> 3. Respond to incident reports?
and i can remember being sick and tired of competing (on price, no less)
against providers who couldn't/wouldn't do #2 or #3. i'm out of the isp
business at the moment, but the "race to the bottom" mentality is still
a pain in my hindquarters, both present and remembered.