Re: Todd Underwood was a little late

[William Herrin <bill () herrin us>]

On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve () ipv6canada com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
> > Reverse path filtering + asymmetric routing = epic fail. Jon did say
> > Multihomed customer.
>
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.

Hi Steve,

I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in
use.


> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.

You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004