nanog mailing list archives
Re: 69/8...this sucks -- Centralizing filtering..
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 11 Mar 2003 20:04:47 +0100 (CET)
On Tue, 11 Mar 2003, Peter Galbavy wrote:
If all routes in the routing table are good (which soBGP and S-BGP can do for you) and routers filter based on the contents of the routing table, hosts will not see any bogon packets except locally generated ones so they shouldn't have bogon filters of their own.
I believe you are confusing authentication with authorisation.
I don't think I am.
Having authentic routes does not imply that all the traffic will be 'correct'. Various networks will always fail to filter customer traffic at ingress etc. and then source address spoofing becomes trivial.
I don't see your point. Packets with bogon sources are just one class of spoofed packets. As I've explained earlier S-BGP or soBGP with uRPF will get rid of bogons. Neither this or bogon filters on the host will do anything against non-bogon spoofed packets.
Current thread:
- 202/7 (RE: 69/8...this sucks -- Centralizing filtering..), (continued)
- 202/7 (RE: 69/8...this sucks -- Centralizing filtering..) E.B. Dreger (Mar 10)
- Re: 69/8...this sucks -- Centralizing filtering.. Ray Bellis (Mar 10)
- Re: 69/8...this sucks -- Centralizing filtering.. Jack Bates (Mar 10)
- Re: 69/8...this sucks -- Centralizing filtering.. Stephen Sprunk (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. jlewis (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Shane Kerr (Mar 14)
- RE: 69/8...this sucks -- Centralizing filtering.. Iljitsch van Beijnum (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Jack Bates (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Iljitsch van Beijnum (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Peter Galbavy (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Iljitsch van Beijnum (Mar 11)
- Re: 69/8...this sucks -- Centralizing filtering.. Jack Bates (Mar 11)
- RE: 69/8...this sucks -- Centralizing filtering.. Owen DeLong (Mar 11)