In message <[EMAIL PROTECTED]>
Mark Williams writes:
>
> 1. Does the forum consider spoofed source addressing to be a problem?
>
> 2. If Yes, does the forum consider it to be a problem that the IETF
> should address?
IMHO what we are hearing is:
1. Yes. Technically solved.
2. No. Already technically solved.
btw- Tracing backscatter source was also used in finding source of
"spray attacks" such as virus propagation to random addresses. Some
providers use the opposite - detection of non-routable source
addresses as a simple way to identify spoofed attacks and their source.
Enabling RPF by default may be a good idea. There are three cases.
1. Clueless or clueful provider with no asymmetric routing. No
problem. RPF gets left on (on purpose or not).
2. Clueless provider with asymmetric routing. This change becomes
a "clue hammer". It hurts but only on a one time router
software upgrade. The provider is forced to think about which
routers may be carrying asymmetric routing. Some may turn it
off everywhere. (Vendor can say IETF made me do it and the
provider should have read the big warning on page one of the
release notes).
3. Clueful provider with asymmetric routing. No problem - RPF
cannot be applied and gets disabled hopefully only where it
might be a problem and not everywhere.
The tradeoff is the gain realized by 1 (and maybe 3) vs the disruption
caused by 2. I think it was Bill Manning or Randy Bush who first said
(paraphrased from memory from circa 1992 or 1993):
The Internet is growing exponentially but the amount of clue is only
growing linearly at best; therefore the "clue density" is decreasing
exponentially.
That may be the underlying reason RPF is not enabled by default.
Curtis
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
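As an added illustration of the three RPF cases discussed in the message above (example code, not part of the thread or of any vendor implementation): a toy strict/loose uRPF check over a constructed forwarding table. It shows strict mode rejecting a spoofed source, but also dropping legitimate traffic when a dual-homed customer's return path is asymmetric, while loose mode only catches sources with no route at all (the "non-routable source address" check the message mentions). Prefixes and interface names are constructed.

```python
import ipaddress

# Constructed toy forwarding table: prefix -> egress interface. Illustration only.
FIB = {
    "0.0.0.0/0":       "upstream",
    "198.51.100.0/24": "cust-a-link1",   # dual-homed customer; best path is via link1
    "203.0.113.0/24":  "cust-b",
}

def lookup(fib, addr, ignore_default=False):
    """Longest-prefix match. Returns the egress interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ignore_default and net.prefixlen == 0:
            continue
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def strict_urpf(fib, src, ingress):
    """Strict mode: pass only if the best route back to src leaves via `ingress`."""
    return lookup(fib, src) == ingress

def loose_urpf(fib, src):
    """Loose mode: pass if src is routable at all (default route not counted)."""
    return lookup(fib, src, ignore_default=True) is not None

def classify(fib, src, ingress):
    """Result of both checks for a packet with source `src` arriving on `ingress`."""
    return {"strict": strict_urpf(fib, src, ingress), "loose": loose_urpf(fib, src)}

if __name__ == "__main__":
    cases = [
        ("legit, symmetric",    "198.51.100.7", "cust-a-link1"),
        ("legit, asymmetric",   "198.51.100.7", "cust-a-link2"),  # cases 2/3: strict drops it
        ("spoofed cust-b addr", "203.0.113.9",  "cust-a-link1"),  # strict catches, loose does not
        ("unroutable source",   "10.1.2.3",     "cust-a-link1"),  # both modes drop it
    ]
    for name, src, ingress in cases:
        print(f"{name:22s} {src:14s} via {ingress:13s} -> {classify(FIB, src, ingress)}")
```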