nanog mailing list archives

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)


From: vijay gill <vgill () vijaygill com>
Date: Mon, 8 Mar 2004 02:42:05 +0000


On Sun, Mar 07, 2004 at 08:35:54PM +0000, Christopher L. Morrow wrote:


Here is a sticky point... There are reasons to allow 10.x.x.x sources to
transit a network. Mostly the reasons come back to 'broken' configurations
or 'broken' hardware. The reasons still equate to customer calls and
'broken' networking from their perspective. I think the thing you are
actually driving at is the 'intent' of the packet, which is quite tough
for the router to determine.


Putting rubber to the road eventually, we actually went ahead and
packetfiltered rfc1918 space on our edge. I know paul and stephen
will be crowing with joy here, as we had several arguments about
it in previous lives, but having gone ahead and filtered it,
nothing appears to have broken, or at least nothing got called
in. We've been doing it for several months now.

/vijay
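The measurement a practitioner would want before turning on the edge filter Vijay describes: a dry run over exported flow records that counts which ingress interfaces currently carry RFC 1918 sources, so the "customer calls" Morrow warns about can be anticipated. This is an added example, not code from the thread; the interface names and flow records are constructed.

```python
import ipaddress
from collections import Counter

# RFC 1918 blocks that the edge filter drops when seen as a packet's source address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918_source(src: str) -> bool:
    """True if the source address falls inside RFC 1918 private space."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in RFC1918)

def audit_flows(records):
    """Dry run of the filter over (ingress_iface, src, dst) tuples.
    Returns (total flows that would be dropped, per-interface drop counts,
    one sample (src, dst) pair per affected interface for follow-up)."""
    dropped = Counter()
    samples = {}
    total = 0
    for iface, src, dst in records:
        if is_rfc1918_source(src):
            total += 1
            dropped[iface] += 1
            samples.setdefault(iface, (src, dst))
    return total, dropped, samples

# Constructed sample flow records (interface, source, destination), not real data.
SAMPLE_FLOWS = [
    ("ge-0/0/1", "10.1.2.3", "198.51.100.7"),
    ("ge-0/0/1", "203.0.113.9", "198.51.100.7"),
    ("ge-0/0/2", "192.168.0.44", "198.51.100.8"),
    ("ge-0/0/2", "172.20.5.1", "198.51.100.8"),
    ("ge-0/0/3", "203.0.113.10", "198.51.100.9"),
    ("ge-0/0/1", "172.32.0.1", "198.51.100.7"),  # 172.32/16 is outside 172.16/12
]

if __name__ == "__main__":
    total, per_iface, samples = audit_flows(SAMPLE_FLOWS)
    print(f"{total} of {len(SAMPLE_FLOWS)} flows would be dropped by an RFC 1918 source filter")
    for iface, n in per_iface.most_common():
        src, dst = samples[iface]
        print(f"  {iface}: {n} flow(s), e.g. {src} -> {dst}")
```

Interfaces that show up with nonzero counts are the ones whose customers will notice when the filter goes live.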

