Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

  • From: Paul Vixie
  • Date: Sat Mar 06 23:36:52 2004

> ...
> buying screen doors for igloos may not be the best use of resources.  uRPF
> doesn't actually prevent any attacks.

actually, it would.  universal uRPF would stop some attacks, and it would
remove a "plan B" option for some attack-flowcharts.  i would *much* rather
play defense without facing this latent weapon available to the offense.

> Would you rather ISPs spend money to
> 	1. Deploying S-BGP?
> 	2. Deploying uRPF?
> 	3. Respond to incident reports?

"yes."

and i can remember being sick and tired of competing (on price, no less)
against providers who couldn't/wouldn't do #2 or #3.  i'm out of the isp
business at the moment, but the "race to the bottom" mentality is still
a pain in my hindquarters, both present and remembered.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.