Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)

  • From: Laurence F. Sheldon, Jr.
  • Date: Sun Mar 07 13:18:14 2004

fingers wrote:

just a question

why is DDoS the only issue mentioned wrt source address validation?

i'm sure there's other reasons to make sure your customers can't send
spoofed packets. they might not always be as news-worthy, but i feel it's
a provider's duty to do this. it shouldn't be optional (talking
specifically about urpf on customer interfaces, loose where needed)

Because _Distributed_ is the hot buzzword of the day.

At least one of us thinks clean traffic is a Good Thing all the time.

Packets that can't possibley be used for anything ought to be dumped at
the earliest possible opportunity as soon as it is apparent (or could
be if anybody looked) that they are "from" addresses that can't be
reached or have any other obviously fatal defect.







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.