Todd Underwood was a little late
On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve at ipv6canada.com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> multihomed customer.
>
> If all IP blocks are tied down to null, and uRPF is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.
Hi Steve,
I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in
use.
> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.
You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
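The trade-off argued in this exchange (strict uRPF breaking on asymmetric paths, loose uRPF only rejecting sources that resolve to a null route) can be shown with a small reverse-path simulator. This is an added example, not code from either poster; the FIB, interface names (`cust1`, `cust3-linkA`, `upstream`) and sample packets are constructed, using documentation prefixes 203.0.113.0/24 and 198.51.100.0/24 as placeholder provider space.

```python
"""Added example: strict vs loose unicast RPF over a tiny longest-prefix FIB.

strict: the source must be reachable via the interface the packet arrived on
        (fails for a multihomed customer whose best path is the other link).
loose:  the source must resolve to some route other than a null route
        (only catches sources from unassigned, tied-down space).
"""
import ipaddress

NULL0 = "Null0"  # the "tied down to null" next hop


class Fib:
    def __init__(self, routes):
        # routes: list of (prefix string, egress interface)
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, addr):
        """Longest-prefix match; returns the egress interface or None."""
        a = ipaddress.ip_address(addr)
        best = None
        for net, ifc in self.routes:
            if a in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifc)
        return best[1] if best else None

    def urpf_strict(self, src, ingress):
        """Pass only if the route back to the source leaves via the ingress interface."""
        return self.lookup(src) == ingress

    def urpf_loose(self, src, ingress):
        """Pass if the source resolves to any non-null route.
        The default route counts as reachable here; real implementations make
        that configurable, so treat it as an assumption of this model."""
        egress = self.lookup(src)
        return egress is not None and egress != NULL0


# Constructed FIB for a hypothetical provider (placeholder documentation space).
EXAMPLE_FIB = Fib([
    ("203.0.113.0/24", NULL0),           # whole aggregate tied down to null
    ("203.0.113.0/26", "cust1"),         # assigned to customer 1
    ("203.0.113.64/26", "cust2"),        # assigned to customer 2
    ("198.51.100.0/24", "cust3-linkA"),  # multihomed customer; best path is link A
    ("0.0.0.0/0", "upstream"),           # default route
])

# Constructed sample packets: (source address, ingress interface)
SAMPLE_PACKETS = [
    ("203.0.113.5", "cust1"),         # legitimate source on its own interface
    ("203.0.113.200", "cust1"),       # source from unassigned, null-routed space
    ("203.0.113.70", "cust1"),        # forged source that is in use by cust2
    ("198.51.100.5", "cust3-linkB"),  # multihomed customer arriving on the other link
]


def evaluate(fib, packets):
    """Return {(src, ingress): (strict_passes, loose_passes)} for each packet."""
    return {(s, i): (fib.urpf_strict(s, i), fib.urpf_loose(s, i)) for s, i in packets}


if __name__ == "__main__":
    for (src, ingress), (strict, loose) in evaluate(EXAMPLE_FIB, SAMPLE_PACKETS).items():
        print(f"{src:>15} via {ingress:<12} strict={'pass' if strict else 'DROP':<4} "
              f"loose={'pass' if loose else 'DROP'}")
```

Running it shows the two positions side by side: the multihomed packet on `cust3-linkB` is dropped by strict mode and passed by loose mode, while the forged `203.0.113.70` source (an address actually in use) sails through loose mode and only the null-routed `203.0.113.200` is caught.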