[e2e] DDoS attack vs. Spoofing of Source Address

Joe Touch touch at ISI.EDU
Wed Jan 18 16:45:58 PST 2006



John Kristoff wrote:
> On Wed, 18 Jan 2006 15:09:14 +0000
> "rishi jethwa" <rishi_jethwa at hotmail.com> wrote:
....
>> But as of now there is no general consensus on employing ingress
>> filtering. All they want is to concentrate on efficiency of moving
>> packets.
> 
> Actually I think there is consensus that anti-spoof filtering is
> generally a good idea, but the reason it isn't ubiquitous is usually
> because of practical limitations (e.g. equipment support and complex
> network configurations).

One practical limit is that ingress filtering works only if every router
can be trusted to participate. Routers that do not are places where the
traffic can enter, after which point ingress filtering won't help (for
that traffic). The lack of a trusted ubiquitous deployment is the reason
it isn't a good solution, which is further why it isn't ubiquitous (a
bit of a catch-22).

...
>> Yes, spoofing is the main reason for the presence of DoS attack.
> 
> Again, not true.  In, spoofing appears to have waned considerably
> over the past few years.  Here is just one confirmation of that (see
> slide number 3):
> 
>   <http://www.nanog.org/mtg-0501/deitrich.html>

These slides refer to bogon traffic - with source addresses that are
reserved (e.g. Martians) or unallocated.  Spoofing a bogon address would
not be useful (it can be trapped at any router); perhaps you meant some
other slides?

Joe
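
Added example (not part of the original message): a Python sketch contrasting the two checks discussed in this thread, a bogon filter that any router can apply and an ingress filter that only helps where the edge router participates. The router names, the partial martian list and the documentation-range addresses standing in for allocated space are constructed assumptions.

```python
import ipaddress

# Constructed, partial martian list: reserved space that any router can
# reject without knowing anything about the topology.
MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Hypothetical edge routers: the attached customer's prefixes and whether
# the router performs ingress (anti-spoof) filtering. Documentation ranges
# stand in for allocated address space here.
EDGES = {
    "edge-a": {"customer": ["198.51.100.0/24"], "filters": True},
    "edge-b": {"customer": ["203.0.113.0/24"], "filters": False},
}

def is_bogon(src):
    """True if the source address falls in reserved (martian) space."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MARTIANS)

def ingress_permits(src, customer_prefixes):
    """Edge check: the source must belong to the attached customer."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in customer_prefixes)

def verdict(src, edge):
    """Where, if anywhere, a packet entering at `edge` is dropped."""
    cfg = EDGES[edge]
    # The ingress filter exists only at the edge, and only if deployed there.
    if cfg["filters"] and not ingress_permits(src, cfg["customer"]):
        return "dropped at edge (ingress filter)"
    # The bogon filter can run at any later hop.
    if is_bogon(src):
        return "dropped in core (bogon filter)"
    return "delivered"

if __name__ == "__main__":
    # Constructed packets: (source address, entry router)
    for src, edge in [("198.51.100.7", "edge-a"), ("192.0.2.55", "edge-a"),
                      ("192.0.2.55", "edge-b"), ("10.1.2.3", "edge-b")]:
        print(f"{src:>14} via {edge}: {verdict(src, edge)}")
```

The third packet is the case the message describes: a spoofed but non-reserved source entering through a non-participating router is not caught by either check.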
