BCP38 making it work, solving problems
Mark Andrews
Mark_Andrews at isc.org
Wed Oct 20 00:12:11 UTC 2004
>dropped over it's 25 day uptime:
>
> RPF Failures: Packets: 34889152, Bytes: 12838806927
> RPF Failures: Packets: 4200, Bytes: 449923
> RPF Failures: Packets: 3066337401, Bytes: 122772518288
> RPF Failures: Packets: 30954487, Bytes: 3272647457
> RPF Failures: Packets: 4707582841, Bytes: 227001949225
> RPF Failures: Packets: 11291931, Bytes: 643099278
> RPF Failures: Packets: 291592413, Bytes: 20642951232
> RPF Failures: Packets: 380355, Bytes: 22616137
> RPF Failures: Packets: 607543, Bytes: 31687907
> RPF Failures: Packets: 0, Bytes: 0
> RPF Failures: Packets: 91, Bytes: 6978
> RPF Failures: Packets: 0, Bytes: 0
> RPF Failures: Packets: 0, Bytes: 0
> RPF Failures: Packets: 2, Bytes: 80
> RPF Failures: Packets: 13904, Bytes: 1093686
>
> this means the junk isn't reaching root servers, peers, or
>our customers. mitigating the need to carry this traffic when it
>is of (virtually) no use.
>
And those you do see it indicates a misconfigured / compromised
system.
A compromised system that is sending spoofed traffic can
also launch attacks using regular traffic. Think of this
as a early warning system.
The same with those ISP's that block outbound port 25.
Think of it as a early warning system. The customer is
misconfigured or compromised. You need to find out which.
[This is not to say that I agree with the practice of blocking
port 25]
Apply the same logic to anything else you filter outbound.
More information about the NANOG
mailing list