[e2e] DDoS attack vs. Spoofing of Source Address

Clark Gaylord gaylord at dirtcheapemail.com
Thu Jan 26 05:57:17 PST 2006


On Thu, 19 Jan 2006 16:43:23 -0800, "Fred Baker" <fred at cisco.com> said:
> argue is my incentive to deploy it. In limiting spoofing, I partially  
> mitigate certain classes of attacks as close to their source as I can  
> put it.

I want this all the way to the host port.

Some implement this with DHCP snooping.  This is fine in the 0.01% of
the cases where this method is deployable and effective.  ARP snooping
is better, but still just another bolt to throw into our big old bucket
of bolts.  The issue is, how can we throw out the bucket?

I have some ideas here, but don't have enough space in the margin of
this book.  This will be discussed at JointTechs, for those who will be
there.

--ckg
--
Clark Gaylord
Blacksburg, VA USA
gaylord at dirtcheapemail.com


