Working vulnerability? (Cisco exploit)

Paul Vixie paul at vix.com
Sat Jul 19 15:16:18 UTC 2003


> >I'd estimate than less than a tenth of a percent (that's 0.1%) of
> >edge paths use RPF, even though BCP38 states the case clearly and the
> >technology makes it easy

> "Makes it easy" if you live in an Internet with a number of routes
> significantly less than the limit imposed for having stable RPF
> enabled on your devices, or have devices without bugs in RPF checking
> when said limit is spotted vaguely across the horizon.

since those are two very common beliefs about BCP38 deployment, i'm going
to leave it to barry to repost his standard answers to them, once he's gotten
some sleep.

> I dont seem to be in either of those places. (Although I have not
> sacrificed a router in the last upgrade version or two to see if things
> have improved.)

please do, and please post your results, as an example to others.



More information about the NANOG mailing list