nanog mailing list archives
Re: Working vulnerability? (Cisco exploit)
From: Paul Vixie <paul () vix com>
Date: Sat, 19 Jul 2003 15:16:18 +0000
I'd estimate than less than a tenth of a percent (that's 0.1%) of edge paths use RPF, even though BCP38 states the case clearly and the technology makes it easy
"Makes it easy" if you live in an Internet with a number of routes significantly less than the limit imposed for having stable RPF enabled on your devices, or have devices without bugs in RPF checking when said limit is spotted vaguely across the horizon.
since those are two very common beliefs about BCP38 deployment, i'm going to leave it to barry to repost his standard answers to them, once he's gotten some sleep.
I dont seem to be in either of those places. (Although I have not sacrificed a router in the last upgrade version or two to see if things have improved.)
please do, and please post your results, as an example to others.
Current thread:
- RE: Working vulnerability? (Cisco exploit) Ben Buxton (Jul 18)
- RE: Working vulnerability? (Cisco exploit) jlewis (Jul 18)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Matthew Watkins (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 19)
- Re: Working vulnerability? (Cisco exploit) D'Arcy J.M. Cain (Jul 18)
- RE: Working vulnerability? (Cisco exploit) jlewis (Jul 18)
- RE: Working vulnerability? (Cisco exploit) Christopher L. Morrow (Jul 18)
- <Possible follow-ups>
- RE: Working vulnerability? (Cisco exploit) Ben Buxton (Jul 18)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Steve Francis (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Rob Thomas (Jul 19)
- Re: Working vulnerability? (Cisco exploit) Paul Vixie (Jul 19)