North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)
SD> Date: Sun, 7 Mar 2004 16:17:50 -0500 (EST) SD> From: Sean Donelan SD> SAV doesn't tell you where the packets came from. At best SD> SAV tells you where the packets didn't come from. If SAV were universal, source addresses could not be spoofed. If source addresses could not be spoofed... SD> You would be wrong. There are networks that have deployed SD> SAV/uRPF. Some. I said "all". SD> They saw no _net_ savings. SD> SD> In the real world, it costs more to deploy and maintain SD> SAV/uRPF. The benefit is to other networks. When other networks make your life easier, you benefit. If you want others to help you, help them. SD> Have you noticed this thread is full of people who don't run SD> large networks saying other people who do run networks should SD> deploy SAV/uRPF. 1. SAV is most effective at the edge, which often implies the smaller networks should be doing it 2. I've not seen large networks talking about their awful experiences with SAV. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : firstname.lastname@example.org -or- email@example.com -or- firstname.lastname@example.org Sending mail to spambait addresses is a great way to get blocked.