In message <[EMAIL PROTECTED]> "James Kempf" writes:
>
> Hmm, well sounds as if there may be a technical problem after
> all. First, an intrusion detection problem: does this stream of
> packets have forged source addresses? Then, a traceback problem: if so
> where do these packets originate from?

Solved problem. Solution is not being applied by those affected. Far from a zero cost solution. Problem beat to death at IPMA meetings and discussed at least in IETF going way back.

Two flavors of raw data collection, netflow and 1-in-N packet sampling. Most core routers today (afaik) are capable of doing one or both of these at line rate on 10 Gb/s interfaces (or concatenations of these).

> Presuming these problems were solved, what would one do with the
> information? Go to the offending ISP and ask: "Someone is forging
> source addresses from your domain, can you please institute source
> filtering to stop them?"

Not a solved problem. Back in NSFNET days it was a "we don't want to do this but if we do it is going to hurt you a lot more than it will hurt us" situation. Not always so today and DDoS makes the job harder (multiple upstreams, potentially millions of sources).

> jak

Curtis

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
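
An added example, not part of the original message: how 1-in-N sampled packet headers can answer both questions raised in the thread (is the source forged, and which ingress interface does the traffic arrive on). The router and interface names, the sampling rate, the per-interface expected prefixes and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SAMPLING_N = 1000  # assumed 1-in-N sampling rate configured on the router

# Constructed: source prefixes legitimately reachable behind each ingress interface.
EXPECTED = {
    ("rtr1", "ge-0/0/1"): ["198.51.100.0/24"],
    ("rtr1", "ge-0/0/2"): ["203.0.113.0/24"],
}

# Constructed sampled packet headers: (router, ingress_if, src, dst, bytes).
SAMPLES = [
    ("rtr1", "ge-0/0/1", "198.51.100.7", "192.0.2.10", 1500),
    ("rtr1", "ge-0/0/2", "10.1.2.3", "192.0.2.10", 64),
    ("rtr1", "ge-0/0/2", "172.16.9.9", "192.0.2.10", 64),
    ("rtr1", "ge-0/0/2", "203.0.113.5", "192.0.2.10", 64),
    ("rtr1", "ge-0/0/2", "203.0.113.5", "192.0.2.99", 400),
]

def source_is_plausible(key, src):
    """True if src falls inside a prefix expected on this ingress interface."""
    nets = [ipaddress.ip_network(p) for p in EXPECTED.get(key, [])]
    return any(ipaddress.ip_address(src) in n for n in nets)

def traceback(samples, victim, n=SAMPLING_N):
    """Per ingress interface: scaled traffic estimate toward victim, forged count."""
    report = defaultdict(lambda: {"samples": 0, "est_packets": 0,
                                  "est_bytes": 0, "forged_samples": 0})
    for router, ifname, src, dst, size in samples:
        if dst != victim:
            continue
        row = report[(router, ifname)]
        row["samples"] += 1
        row["est_packets"] += n        # each sample stands for about n packets
        row["est_bytes"] += size * n
        if not source_is_plausible((router, ifname), src):
            row["forged_samples"] += 1  # source cannot belong on this interface
    return dict(report)

if __name__ == "__main__":
    result = traceback(SAMPLES, "192.0.2.10")
    for key, row in sorted(result.items(), key=lambda kv: -kv[1]["est_packets"]):
        print(key, row)
```

Grouping by ingress interface rather than by source address is what keeps the traceback meaningful when the source field is forged.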
