Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New Protection

  • From: E.B. Dreger
  • Date: Sun Mar 07 20:24:27 2004

SD> Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST)
SD> From: Sean Donelan

SD> In practice, GWF's ... send reports about packets which have
SD> our IP addresses, but didn't originate here.  The last thing

Probably because someone else failed to implement SAV.  If
$origin_net prevented spoofing your IP space, you'd not have had
the problem.

If other networks prevented spoofed sources, nobody else could
source a packet from your address space.  In this case, a packet
apparently sourced from you network definitely would have come
from your network.  Therefore you'd no longer need to check to
see if a packet was spoofed.

Notice how AS_PATHs and netblock announcements tend to get
filter.  Why?

SD> you want to admit is you do SAV because GWF think SAV means
SD> every packet with that source address must have originated
SD> here.

Uh, no... a spoofed packet from someone else's network means you
had no control over it.  That's pretty obvious.

EverQuick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses : -or- -or-
Sending mail to spambait addresses is a great way to get blocked.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.