Home page logo

nanog logo nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions
From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 6 Aug 2003 01:36:03 +0000 (GMT)

On Wed, 6 Aug 2003, Paul Vixie wrote:

More and more there is less and less spoofing, its just not required and
it causes more damage with less effort :( Why spoof when you have 1000
machines pumping 1 packet per second? (or 10)

leaving the spoofing option open for future generations of attacks,
rather than having a witch-hunt and tracking down and upgrading every
insecure edge, is just about the worst thing we could do.  because
when an attacker wants an extra edge, they'll add spoofing to their
attack profile, and the core's immune system will be totally unprepared.

I don't believe I ever said that the edges shouldn't filter... did I?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]