Todd Underwood was a little late

William Herrin bill at herrin.us
Fri Jun 18 08:06:56 CDT 2010


On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve at ipv6canada.com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> Multihomed customer.
>
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.

Hi Steve,

I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in
use.


> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.

You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list