Todd Underwood was a little late

William Herrin bill at
Fri Jun 18 13:06:56 UTC 2010

On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve at> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> Multihomed customer.
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.

Hi Steve,

I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in

> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.

You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004
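
Added example, not part of the thread: a small Python model of the loose-mode and strict-mode reverse-path checks discussed above, using a constructed FIB with documentation prefixes and hypothetical interface names. It assumes a source whose best route is the null tie-down fails the loose check, which is what the quoted setup relies on.

```python
import ipaddress

# Constructed FIB using documentation prefixes (not taken from the thread).
# "null0" is the tie-down for the aggregate; assigned blocks are more specific.
FIB = {
    "198.51.100.0/24": "null0",        # aggregate tied down to null
    "198.51.100.0/26": "cust-link-1",  # assigned to a multihomed customer
    "203.0.113.0/24": "upstream",      # another network's routed space
}
ROUTES = sorted(((ipaddress.ip_network(p), nh) for p, nh in FIB.items()),
                key=lambda r: r[0].prefixlen, reverse=True)

def best_route(src):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(src)
    for net, next_hop in ROUTES:
        if addr in net:
            return next_hop
    return None

def loose_urpf(src):
    """Loose mode: pass if the source has any route that is not null0."""
    return "pass" if best_route(src) not in (None, "null0") else "drop"

def strict_urpf(src, ingress):
    """Strict mode: pass only if the best route back uses the ingress interface."""
    return "pass" if best_route(src) == ingress else "drop"

if __name__ == "__main__":
    # (source address, ingress interface, what the case represents)
    cases = [
        ("198.51.100.200", "upstream", "source in unassigned free pool"),
        ("198.51.100.10", "upstream", "source in assigned customer block"),
        ("192.0.2.1", "upstream", "source with no route at all"),
        ("198.51.100.10", "cust-link-2", "customer sending via second link"),
    ]
    for src, ingress, note in cases:
        print(f"{src:16} in={ingress:12} loose={loose_urpf(src):5} "
              f"strict={strict_urpf(src, ingress):5} {note}")
```

The last case is the asymmetric-routing problem: the customer's own traffic arrives on a link other than the one the best route points to, so strict mode drops it while loose mode passes it.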
