nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: David Nolan <vitroth+ () cmu edu>
Date: Wed, 01 Mar 2006 09:50:34 -0500
--On Wednesday, March 01, 2006 07:54:17 -0600 Jack Bates <jbates () brightok net> wrote:
David Nolan wrote:
<snip>
(*): For anyone who doesn't know, URPF is essentially a way to do automatic acls, comparing the source IP of an incoming packet to the routing table to verify the packet should have come from this interface. With the right hardware this is significantly cheaper than acl processing. And it's certainly easier to maintain. And by injecting a /32 null route into the route table you can cause a host's local router to start discarding all traffic from that IP.
<snip sig>

Yeah, but it's not near as fun as dynamic acls updated via a script monitoring flow logs in real-time. It's definitely easier to implement, though.
Interesting... That's actually basically what we were doing before, but phased out in favor of the URPF & host routes approach. We felt the URPF approach was much cleaner, and more efficient. A routing table lookup is more efficient than acl processing, particularly if you have significant numbers of rou and solved some problems we were having. It also solved some issues we had, including keeping dynamic acls synchronized between two redundant routers (HSRP pairs and/or redundant border routers).
-David
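Added example, not part of the original message: a toy Python model of the strict URPF check and the /32 null host route described above, showing that the quarantined host is dropped on both routers of a redundant pair while its subnet neighbours still pass. The interface names, the documentation-range addresses and the `quarantine()` helper (which stands in for the routing protocol carrying the host route to every router) are assumptions.

```python
import ipaddress

class Router:
    """Toy forwarding table with a strict URPF check (a model, not vendor code)."""

    def __init__(self):
        self.routes = []  # (network, interface); interface "null" means discard

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, address):
        """Longest-prefix match: return the interface of the most specific route."""
        addr = ipaddress.ip_address(address)
        matches = [(net, ifc) for net, ifc in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def urpf_accepts(self, src, arrived_on):
        """Strict URPF: the best route back to src must point out the arrival
        interface. A null route never equals a real interface, so it drops."""
        return self.lookup(src) == arrived_on

def build_pair():
    """Two redundant routers serving the same (constructed) user subnet."""
    pair = []
    for _ in range(2):
        r = Router()
        r.add_route("0.0.0.0/0", "uplink")
        r.add_route("192.0.2.0/24", "vlan10")
        pair.append(r)
    return pair

def quarantine(routers, host):
    """Assumed stand-in for injecting a /32 null route into the routing
    protocol: every router learns the same host route, so nothing per-router
    has to be kept in sync."""
    for r in routers:
        r.add_route(f"{host}/32", "null")

if __name__ == "__main__":
    a, b = build_pair()
    print("before:", a.urpf_accepts("192.0.2.66", "vlan10"))     # infected host
    print("spoofed:", a.urpf_accepts("198.51.100.5", "vlan10"))  # wrong interface
    quarantine([a, b], "192.0.2.66")
    print("after:", [r.urpf_accepts("192.0.2.66", "vlan10") for r in (a, b)])
    print("neighbour:", a.urpf_accepts("192.0.2.67", "vlan10"))
```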