Force10 Gear - Opinions

James Jun james at towardex.com
Thu Sep 4 14:24:53 UTC 2008


> uRPF strict as a configuration default, on customers without possible
> asymmetry (multihoming, one-way tunneling, etc) is not a bad default.
> But when the customers increase in complexity, the time might come to
> relax things some.  It's certainly not a be-all-end-all.  And it's
> been demonstrated time after time here that anti-spoof/bogon filtering
> isn't even a factor in most large-scale attacks on the public Internet
> these days.  Think massively sized, well connected, botnets.  See also
> CP attacks (which, again, the F10 can't even help you with).

Indeed... In today's internet, protecting your own box (cp-policer/control
plane filtering) is far more important IMO than implementing BCP38 when much
of attack traffic comes from legitimate IP sources anyway (see botnets). 

james

More information about the NANOG mailing list