On the back of other 'security' posts....

Scott Francis darkuncle at darkuncle.net
Wed Sep 3 21:07:43 UTC 2003


On Sun, Aug 31, 2003 at 02:34:28PM -0700, owen at delong.com said:
[snip]
> What you are saying works only so long as none of your edge connections
> represent a significant portion of the internet.  How do you anti-spoof,
> for example, a peering link with SPRINT or UUNET?  It's not realistic
> to think that you know which addresses could or could not legitimately
> come from them.

another poster wrote that the spoofed traffic he was seeing was coming from
0.0.0.4 - 40.0.0.0 in .4 increments ... simple bogon filtering would get rid
of a good chunk of that space. Granted, it's a small subset of anti-spoof
filtering, but there are still networks out there that don't even make _that_
best effort.

If folks would simply make the best effort they could, given their situation,
the Internet as a whole would be a dramatically nicer place. That best effort
will vary greatly by situation, but even a partial attempt is better than
none at all.
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
      illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030903/0931fd8b/attachment.sig>


More information about the NANOG mailing list