On the back of other 'security' posts....
Scott Francis
darkuncle at darkuncle.net
Wed Sep 3 21:07:43 UTC 2003
On Sun, Aug 31, 2003 at 02:34:28PM -0700, owen at delong.com said:
[snip]
> What you are saying works only so long as none of your edge connections
> represent a significant portion of the internet. How do you anti-spoof,
> for example, a peering link with SPRINT or UUNET? It's not realistic
> to think that you know which addresses could or could not legitimately
> come from them.
another poster wrote that the spoofed traffic he was seeing was coming from
0.0.0.4 - 40.0.0.0 in .4 increments ... simple bogon filtering would get rid
of a good chunk of that space. Granted, it's a small subset of anti-spoof
filtering, but there are still networks out there that don't even make _that_
best effort.
If folks would simply make the best effort they could, given their situation,
the Internet as a whole would be a dramatically nicer place. That best effort
will vary greatly by situation, but even a partial attempt is better than
none at all.
--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030903/0931fd8b/attachment.sig>
More information about the NANOG
mailing list