Todd Underwood was a little late
RFC 2827 anyone?
On Wed, Jun 16, 2010 at 9:38 PM, Roy <r.engehausen at gmail.com> wrote:
> On 6/16/2010 7:43 PM, Jon Lewis wrote:
>
>> On Thu, 17 Jun 2010, Mark Andrews wrote:
>>
>>> Why was this traffic hitting your DNS server in the first place? It
>>> should have been rejected by the ingress filters preventing spoofing of
>>> the local network.
>>
>> When I ran a smaller simpler network, I did have input filters on our
>> transit providers rejecting packets from our IP space. With a larger
>> network, multiple IP blocks, numerous multihomed customers, some of which
>> use IP's we've assigned them, it gets a little more complicated to do.
>>
>> I could reject at our border, packets sourced from our IP ranges with
>> exceptions for any of the IP blocks we've assigned to multihomed customers.
>> The ACLs wouldn't be that long, or that hard to maintain. Is this common
>> practice?
>>
>
> Sounds like a good use of URPF.
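Added example, not part of the thread above: a small Python model of the two ingress-filter approaches the posters describe, the border ACL that drops own-space sources arriving from transit with exceptions for blocks assigned to multihomed customers, and uRPF in strict and loose mode against a toy FIB. Prefixes (RFC 5737 documentation space), interface names, the FIB and the sample packets are all constructed for illustration. Running it shows the practical difference: the ACL with exceptions passes the multihomed customer's traffic that arrives via their other ISP, strict uRPF drops that same traffic because the reverse path points at the customer's direct link, and loose uRPF does not stop spoofing of your own space at all because a route to the spoofed source always exists.

```python
import ipaddress

# Constructed topology (hypothetical prefixes and interface names, not from the thread).
OUR_SPACE = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
# Blocks we assigned to customers that also connect to another ISP; packets with
# these sources may legitimately arrive from our transit providers.
MULTIHOMED_CUSTOMERS = [ipaddress.ip_network("198.51.100.128/26")]
# Toy FIB: prefix -> egress interface, longest prefix wins.
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")
FIB = {
    DEFAULT_ROUTE:                             "transit0",
    ipaddress.ip_network("192.0.2.0/24"):      "core0",
    ipaddress.ip_network("198.51.100.0/24"):   "core0",
    ipaddress.ip_network("198.51.100.128/26"): "cust-mh0",   # customer's direct link
}


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def acl_accepts(src, ingress_if, our_space=OUR_SPACE, exceptions=MULTIHOMED_CUSTOMERS):
    """Border ACL as described in the thread: on transit-facing interfaces, drop
    packets sourced from our own space unless the source is inside a block
    assigned to a multihomed customer."""
    addr = ipaddress.ip_address(src)
    if not ingress_if.startswith("transit"):
        return True                      # ACL is bound to transit interfaces only
    if _in_any(addr, exceptions):
        return True                      # multihomed customer, may come via other ISP
    return not _in_any(addr, our_space)


def reverse_path(src, fib=FIB, allow_default=False):
    """Longest-prefix lookup of the route back to src. The default route is
    consulted only when allow_default is set, modelling the common router
    behaviour of ignoring 0/0 for uRPF unless explicitly told to use it."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, iface in fib.items():
        if net == DEFAULT_ROUTE and not allow_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def urpf_strict_accepts(src, ingress_if, fib=FIB, allow_default=False):
    """Strict uRPF: accept only if the best route back to src exits the
    interface the packet arrived on."""
    return reverse_path(src, fib, allow_default) == ingress_if


def urpf_loose_accepts(src, fib=FIB, allow_default=False):
    """Loose uRPF: accept if any route back to src exists, whatever interface."""
    return reverse_path(src, fib, allow_default) is not None


# Constructed sample packets: (description, source address, ingress interface).
SAMPLE_PACKETS = [
    ("external source via transit",        "203.0.113.5",    "transit0"),
    ("spoofed own space via transit",      "192.0.2.10",     "transit0"),
    ("multihomed customer via other ISP",  "198.51.100.130", "transit0"),
    ("multihomed customer on direct link", "198.51.100.130", "cust-mh0"),
]


def evaluate(packets=SAMPLE_PACKETS):
    """Return {description: (acl_ok, strict_urpf_ok, loose_urpf_ok)} per packet.
    allow_default=True for uRPF, since the transit interface carries the default."""
    return {
        desc: (
            acl_accepts(src, iface),
            urpf_strict_accepts(src, iface, allow_default=True),
            urpf_loose_accepts(src, allow_default=True),
        )
        for desc, src, iface in packets
    }


if __name__ == "__main__":
    for desc, (acl, strict, loose) in evaluate().items():
        print(f"{desc:36} acl={acl!s:5} strict-uRPF={strict!s:5} loose-uRPF={loose}")
```

The `allow_default` flag matters in practice: with strict uRPF on a transit link and no full table, everything not covered by a more specific route is only reachable via 0/0, so the check either has to be told to use the default route or the interface has to carry the full table.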