BCP38 making it work, solving problems

Mark Andrews Mark_Andrews at isc.org
Wed Oct 20 00:12:11 UTC 2004


>dropped over it's 25 day uptime:
>
>      RPF Failures: Packets: 34889152, Bytes: 12838806927
>      RPF Failures: Packets: 4200, Bytes: 449923
>      RPF Failures: Packets: 3066337401, Bytes: 122772518288
>      RPF Failures: Packets: 30954487, Bytes: 3272647457
>      RPF Failures: Packets: 4707582841, Bytes: 227001949225
>      RPF Failures: Packets: 11291931, Bytes: 643099278
>      RPF Failures: Packets: 291592413, Bytes: 20642951232
>      RPF Failures: Packets: 380355, Bytes: 22616137
>      RPF Failures: Packets: 607543, Bytes: 31687907
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 91, Bytes: 6978
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 2, Bytes: 80
>      RPF Failures: Packets: 13904, Bytes: 1093686
>
>	this means the junk isn't reaching root servers, peers, or
>our customers.  mitigating the need to carry this traffic when it
>is of (virtually) no use.
>
	And those you do see it indicates a misconfigured / compromised
	system.

	A compromised system that is sending spoofed traffic can
	also launch attacks using regular traffic.  Think of this
	as a early warning system.

	The same with those ISP's that block outbound port 25.
	Think of it as a early warning system.  The customer is
	misconfigured or compromised.  You need to find out which.
	[This is not to say that I agree with the practice of blocking
	port 25]

	Apply the same logic to anything else you filter outbound.



More information about the NANOG mailing list