Todd Underwood was a little late
bill at herrin.us
Fri Jun 18 08:06:56 CDT 2010

On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve at ipv6canada.com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> Multihomed customer.
>
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.

I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in

> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.

You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.

William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
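
A simplified model of the strict and loose uRPF checks discussed in this message, added here as an illustration and not code from either poster. The prefixes, interface names and the `lookup`/`urpf` helpers are constructed for the example, and it assumes loose mode treats a route to null as a failed lookup.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface); "null" is a discard route.
ROUTES = [
    ("198.51.100.0/24", "null"),     # provider aggregate, tied down to null
    ("198.51.100.0/26", "cust1"),    # the only block assigned out of the aggregate
    ("203.0.113.0/24", "transit"),   # unrelated remote network
    ("192.0.2.0/24", "transit"),     # multihomed customer; best path is via its other ISP
]
TABLE = [(ipaddress.ip_network(p), iface) for p, iface in ROUTES]

def lookup(addr):
    """Longest-prefix match; returns the egress interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, iface) for net, iface in TABLE if ip in net]
    return max(hits)[1] if hits else None

def urpf(src, in_iface, mode):
    """True if a packet with source `src` arriving on `in_iface` passes the check."""
    route = lookup(src)
    if route is None or route == "null":
        return False                  # no route, or only the null tie-down: drop
    if mode == "strict":
        return route == in_iface      # reverse path must point back out in_iface
    return True                       # loose: any non-null route is enough

# (description, source address, arrival interface)
CASES = [
    ("source in unassigned free pool", "198.51.100.200", "transit"),
    ("source in assigned customer block", "198.51.100.5", "cust1"),
    ("routed address seen on the wrong port", "203.0.113.9", "cust1"),
    ("multihomed customer, asymmetric path", "192.0.2.10", "cust2"),
]

def results():
    """Map each case description to its (strict, loose) verdicts."""
    return {d: (urpf(s, i, "strict"), urpf(s, i, "loose")) for d, s, i in CASES}

if __name__ == "__main__":
    for desc, (strict, loose) in results().items():
        print(f"{desc:40} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

The last two rows are the trade-off in the exchange: strict mode drops the multihomed customer's legitimate traffic, while loose mode only rejects sources that resolve to the null tie-down or to no route at all.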