Full Disclosure mailing list archives
Re: Odd packet?
From: Valdis.Kletnieks () vt edu
Date: Wed, 26 May 2004 13:44:16 -0400
On Wed, 26 May 2004 13:16:52 EDT, you said:
Well, when you're cranking gigabits sometimes those little checks can become a bottleneck.
Especially on older Cisco gear. However, it's been a few years since their stuff wasn't able to do at least basic filtering at line speed (and Juniper has always been good at line-rate stuff). I haven't heard if the newly announced Ciscos are able to do filtering on their OC768 interfaces at line rate...
Besides, safe routing begins at home. If end-users (or endpoints) would do ingress/egress filtering, there wouldn't be a problem. I'm not so certain we should place the blame on the core backbone for passing the packets it is sent without alteration.
Everybody agrees that it's painful to do it in the core, simply because UPRF doesn't work well with the asymmetric routing that BGP sometimes hands you - and the alternative isn't pretty when the default-free zone is sitting at some 110K routes... ;) On the other hand, not doing URPF or equivalent at the ISP's edge router to a single-homed customer is pretty lame. Considering that some 30% of the traffic that arrives at the root nameservers has source addresses in RFC1918 space, there's a LOT of broken NAT configs that are spewing and a LOT of broken ISPs that aren't doing bogon filtering....
Attachment:
_bin
Description:
Current thread:
- Odd packet? Gregh (May 25)
- Re: Odd packet? Ron DuFresne (May 25)
- Re: Odd packet? Maarten (May 25)
- Re: Odd packet? Steffen Schumacher (May 25)
- Re: Odd packet? Maarten (May 25)
- Re: Odd packet? Valdis . Kletnieks (May 26)
- Re: Odd packet? Steffen Schumacher (May 26)
- Re: Odd packet? Jeff Kell (May 26)
- Re: Odd packet? Valdis . Kletnieks (May 26)
- Re: Odd packet? Steffen Schumacher (May 26)
- RE: Odd packet? Aditya, ALD [Aditya Lalit Deshmukh] (May 26)
- Re: Odd packet? Steffen Schumacher (May 27)
- Re: Odd packet? Steffen Schumacher (May 25)
- Re: Odd packet? Valentino Squilloni - Ouz (May 26)
- Re: Odd packet? Steffen Schumacher (May 26)
- Re: Odd packet? Mike Klinke (May 26)
- Message not available
- Re: Odd packet? Valentino Squilloni - Ouz (May 27)
- Re: Odd packet? Valentino Squilloni - Ouz (May 25)
- Re: Odd packet? Maarten (May 25)
- Message not available
- Re: Odd packet? Valentino Squilloni - Ouz (May 26)