Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)

  • From: Christopher L. Morrow
  • Date: Sun Mar 07 15:38:30 2004


On Sun, 7 Mar 2004, fingers wrote:

>
> just a question
>
> why is DDoS the only issue mentioned wrt source address validation?

its easier to discuss than other things... for instance the number of
broken vpn/nat systems out there that uRPF will break. Also, the folks
with private addressed cores that will start appearing 'broken' when
traceroute/unreachables stop working across their networks...

>
> i'm sure there's other reasons to make sure your customers can't send
> spoofed packets. they might not always be as news-worthy, but i feel it's
> a provider's duty to do this. it shouldn't be optional (talking
> specifically about urpf on customer interfaces, loose where needed)
>

I'm not sure that anyone would argue that uRPF is bad, the arguement is in
it's placement. I do think that part still needs to be worked out, that
and making sure that your equipment can handle the task. There are
certainly some people hampered by early adoption of some technologies
which they can't get out from under in any reasonable fashion.



--Chris
(formerly chris@uu.net)
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.