nanog mailing list archives

Re: BCP38 making it work, solving problems


From: Mark Andrews <Mark_Andrews () isc org>
Date: Wed, 20 Oct 2004 10:12:11 +1000 (EST)


dropped over its 25-day uptime:

     RPF Failures: Packets: 34889152, Bytes: 12838806927
     RPF Failures: Packets: 4200, Bytes: 449923
     RPF Failures: Packets: 3066337401, Bytes: 122772518288
     RPF Failures: Packets: 30954487, Bytes: 3272647457
     RPF Failures: Packets: 4707582841, Bytes: 227001949225
     RPF Failures: Packets: 11291931, Bytes: 643099278
     RPF Failures: Packets: 291592413, Bytes: 20642951232
     RPF Failures: Packets: 380355, Bytes: 22616137
     RPF Failures: Packets: 607543, Bytes: 31687907
     RPF Failures: Packets: 0, Bytes: 0
     RPF Failures: Packets: 91, Bytes: 6978
     RPF Failures: Packets: 0, Bytes: 0
     RPF Failures: Packets: 0, Bytes: 0
     RPF Failures: Packets: 2, Bytes: 80
     RPF Failures: Packets: 13904, Bytes: 1093686

      this means the junk isn't reaching root servers, peers, or
our customers.  mitigating the need to carry this traffic when it
is of (virtually) no use.

        And those you do see it indicates a misconfigured / compromised
        system.

        A compromised system that is sending spoofed traffic can
        also launch attacks using regular traffic.  Think of this
        as an early warning system.

        The same with those ISPs that block outbound port 25.
        Think of it as an early warning system.  The customer is
        misconfigured or compromised.  You need to find out which.
        [This is not to say that I agree with the practice of blocking
        port 25]

        Apply the same logic to anything else you filter outbound.
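
One way to use drop counters like those quoted above as the early warning the message describes, as an added example (not part of the original post or any vendor tool): it compares two snapshots of the `RPF Failures` lines and reports the interfaces whose counter grew. The interface labels, sample values and function names are constructed for illustration.

```python
import re

# Matches the counter line format quoted in the message above.
RPF_LINE = re.compile(r"RPF Failures:\s*Packets:\s*(\d+),\s*Bytes:\s*(\d+)")

def parse_rpf(text):
    """Return [(packets, bytes), ...] in the order the counters appear."""
    return [(int(p), int(b)) for p, b in RPF_LINE.findall(text)]

def rpf_deltas(prev_text, curr_text, labels, min_packets=1):
    """Compare two snapshots and report interfaces whose drop counter grew.

    labels names the interfaces in output order (hypothetical names here).
    A counter lower than its previous value is treated as a reset (reboot
    or cleared counters), so the whole current value counts as new drops.
    """
    prev, curr = parse_rpf(prev_text), parse_rpf(curr_text)
    if not (len(prev) == len(curr) == len(labels)):
        raise ValueError("snapshots and labels must cover the same interfaces")
    alerts = []
    for label, (pp, pb), (cp, cb) in zip(labels, prev, curr):
        reset = cp < pp
        d_pkts = cp if reset else cp - pp
        d_bytes = cb if reset else cb - pb
        if d_pkts >= min_packets:
            alerts.append({"interface": label, "packets": d_pkts,
                           "bytes": d_bytes, "reset": reset})
    # Largest source of spoofed traffic first: investigate that customer first.
    return sorted(alerts, key=lambda a: a["packets"], reverse=True)

# Constructed sample snapshots, taken some interval apart (not real data).
LABELS = ["cust-a", "cust-b", "cust-c", "cust-d"]
SNAP_T0 = """\
     RPF Failures: Packets: 4200, Bytes: 449923
     RPF Failures: Packets: 0, Bytes: 0
     RPF Failures: Packets: 91, Bytes: 6978
     RPF Failures: Packets: 13904, Bytes: 1093686
"""
SNAP_T1 = """\
     RPF Failures: Packets: 4200, Bytes: 449923
     RPF Failures: Packets: 2, Bytes: 80
     RPF Failures: Packets: 60091, Bytes: 3606978
     RPF Failures: Packets: 15, Bytes: 900
"""

if __name__ == "__main__":
    for alert in rpf_deltas(SNAP_T0, SNAP_T1, LABELS):
        print(alert)
```

An interface whose counter is large but unchanged (cust-a here) produces no alert, since only new drops indicate a host that is currently misconfigured or compromised.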

