[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: more on Internet Attacks and Critical Infrastructure Protectio n]
>X-Mailer: exmh version 2.1.1 10/15/1999 >From: "Steven M. Bellovin" <smb@research.att.com> >To: Dave Farber <farber@cis.upenn.edu> >\ > >Dave -- someone forwarded to me Stewart Baker's comments on network >authentication. I think there's a serious misunderstanding of what happened. > >Fundamentally, this latest round of attacks was on the recipient's network >bandwidth. Very few of the packets actually reached the destination; whether >or not they were authenticatable was completely irrelevant to the attacker. >The packets did their harm just by the attempt to deliver them to the >victim. >In fact, mandatory authentication could make things worse, by creating new >denial of service attacks. After all, cryptographic authentication is >expensive, while emitting random packets is not. > >To be sure, ISPs can and should deploy anti-spoof filters on their access >routers. (This is an IETF Best Current Practice, as spelled out in RFC >2267.) >By blocking forged source addresses, attacks can easily be blocked or traced >back to their origin. And doing this does not hurt customer privacy, since >the source ISP already must know all legal addresses for each customer. > > > --Steve Bellovin >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC