
Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

  • From: E.B. Dreger
  • Date: Sun Mar 07 21:05:51 2004

CLM> Date: Mon, 8 Mar 2004 01:32:51 +0000 (GMT)
CLM> From: Christopher L. Morrow


CLM> in a perfect world yes[...]
CLM> Until this is a default behaviour and you can't screw it up
CLM> (ala directed-broadcast) this will be something we all have
CLM> to deal with.

Yes.  But the only way we'll get there is 1) a flag day or 2) if
we gradually work in that direction.


CLM> it melts routers, good enough for you? Specifically it
CLM> melts linecards :(

:-(


CLM> This is a problem that could be migrated out as new
CLM> equipment/capabilities hit everyone's networks. I suspect
CLM> that market pressure will push things in this direction
CLM> anyway over time.

...and hopefully will be safe-by-default.  Anyone who has
multihomed downstreams should be clued enough to disable strict
SAV as needed -- similar to, yet the opposite of, manually
configuring OSPF to treat interfaces as passive by default.

As for low-end routers, uRPF is supported on 26xx.  I don't know
about a 16xx or 25xx... a scary thought, but chances are such a
router would have a very small list of reachable netblocks to
check.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
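
Added example, not part of the original message: a small Python model of the strict-by-default source address validation with a per-interface override that the message describes. It shows why a multihomed downstream fails a strict uRPF check. The prefixes, interface names and routing table are constructed for illustration.

```python
import ipaddress

# Constructed FIB (documentation prefixes): prefix -> interface of the best route.
FIB = {
    "192.0.2.0/24": "cust1",     # single-homed downstream
    "198.51.100.0/24": "peer0",  # multihomed downstream on cust2; best path is via its other provider
}

DEFAULT_MODE = "strict"          # safe-by-default
OVERRIDES = {"cust2": "loose"}   # operator relaxes the multihomed port only

def best_interface(src, fib=FIB):
    """Longest-prefix match on the source address; None if there is no route."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permit(src, in_if, mode):
    """strict: the best route back to src must use the arrival interface.
    loose: any route to src is enough. off: no check."""
    if mode == "off":
        return True
    out_if = best_interface(src)
    if out_if is None:
        return False
    return mode == "loose" or out_if == in_if

def permit(src, in_if, overrides=OVERRIDES):
    """Apply the per-interface mode, falling back to the strict default."""
    return urpf_permit(src, in_if, overrides.get(in_if, DEFAULT_MODE))

if __name__ == "__main__":
    packets = [  # constructed (source, arrival interface) samples
        ("192.0.2.10", "cust1"),     # legitimate, symmetric path
        ("198.51.100.10", "cust2"),  # legitimate, asymmetric path (multihomed)
        ("203.0.113.5", "cust1"),    # spoofed, unrouted source
        ("198.51.100.10", "cust1"),  # spoofed, routed source on the wrong port
    ]
    for src, ifc in packets:
        print(src, ifc, "strict everywhere:", urpf_permit(src, ifc, "strict"),
              "with override:", permit(src, ifc))
```

The override is scoped to the one port that needs it, so the single-homed port still rejects a spoofed source that happens to be routed elsewhere.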




