nanog mailing list archives

Re: On the back of other 'security' posts....


From: Scott Francis <darkuncle () darkuncle net>
Date: Wed, 3 Sep 2003 14:07:43 -0700

On Sun, Aug 31, 2003 at 02:34:28PM -0700, owen () delong com said:
[snip]
> What you are saying works only so long as none of your edge connections
> represent a significant portion of the internet.  How do you anti-spoof,
> for example, a peering link with SPRINT or UUNET?  It's not realistic
> to think that you know which addresses could or could not legitimately
> come from them.

Another poster wrote that the spoofed traffic he was seeing was coming from
0.0.0.4 - 40.0.0.0 in .4 increments ... simple bogon filtering would get rid
of a good chunk of that space. Granted, it's a small subset of anti-spoof
filtering, but there are still networks out there that don't even make _that_
best effort.

If folks would simply make the best effort they could, given their situation,
the Internet as a whole would be a dramatically nicer place. That best effort
will vary greatly by situation, but even a partial attempt is better than
none at all.
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
      illum oportet crescere me autem minui
