10,352 active botnets (was Re: register.com down sev0?

• Previous message (by thread): 10,352 active botnets (was Re: register.com down sev0?
• Next message (by thread): register.com down sev0?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthew Crocker wrote:
> 
>> Maybe the new slogan needs to be "Save the Internet! Train the chimps!"
> 
> Shouldnt  'ip verify unicast source reachable-by rx' be a default 
> setting on all interfaces?  Only to be removed by trained chimps?
> 

Only if you wish to break existing configurations during IOS upgrades. I could 
see ip verify unicast source reachable-by any (less breakage), but rx will kill 
all types of good asymmetric routing. The largest breakage I have seen caused by 
rx is the link IP breakage caused by the router responding out multiple 
interfaces. It's also a problem when customers are straddling the fence, 
purposefully using asymmetric routing.

It would be nicer to have router support where a packet is acceptable if it's 
network is acceptable in the BGP (or IGP) policy/filter (ie, network may not be 
there, but it is allowed) as well as the link addresses associated with the BGP 
(or IGP) peer.

-Jack

• Previous message (by thread): 10,352 active botnets (was Re: register.com down sev0?
• Next message (by thread): register.com down sev0?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]