From: Barrie Dempster (barrie@reboot-robot.net)
Date: Thu Jan 20 2005 - 11:06:19 EST
On Sat, 2005-01-15 at 12:03 -0500, Steven wrote:
> Would it not be safe to say that a large amount of this issue could be
> mitigated if ISPs and/or those links above them took a more responsible
> approach to packet handling? Wouldn't the whole issue (problem) of spoofed
> packets be handled if they were quashed at the start instead of the end?
> Perhaps I don't understand enough here, but it seems that initially
> routers/switches should have the capability to drop packets that could not
> have originated from their own network. If new equipment had the option to
> enforce this or had it automatically built in, would this not severely
> mitigate some of this issue? Is there a reason why spoofed packets should
> be able to make their way off a LAN and across the world?
You understand this fine. It's perfectly acceptable for an ISP to do
this and it's not difficult to implement in their ACLs. Some ISP's do
this already but they are a minority. IMO ISP's should do this as
standard, but most wont.
> Perhaps this would only hold up so long until someone decided to make all
> DDoS spoof the packet from the same network but just a different host
> address. Then maybe it would be possible to have the first router check if
> the source address of the packet exactly matches where it is actually coming
> from some how and not just that the network is valid.
Doesn't matter, if you can track it to the ISP then the ISP techs can
monitor their network and see exactly where it's coming from. You
couldn't bypass the protection in this way as, when you get to the
source ISP, recognising the customer is trivial and then finding the
specific box just takes time.
> Perhaps I just have a weak understanding of how this works and it cannot be
> solved so easily, but it appears that if that "some" of this is not so hard
> to stop. If what I have proposed is possibly and not being implemented on a
> wide scale, then why isn't it?
> Steven
Simply because the public mostly doesn't care and the public are the
customers. As more customers have trouble with this then the ISPs
probably will make changes. Until then they don't see this as a
financially beneficial measure.
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:14 EDT