nanog mailing list archives
Re: Open Resolver Problems
From: Jared Mauch <jared () puck nether net>
Date: Mon, 25 Mar 2013 16:36:48 -0400
On Mar 25, 2013, at 12:35 PM, Alain Hebert <ahebert () pubnix net> wrote:
Well, Why would you only go after them? Easier target to mitigate the problem? That might be just me, but I find those peers allowing their customers to spoof source IP addresses more at fault. PS: Some form of adaptive rate limitation works for it btw =D
Folks should be deploying unicast-rpf facing their statically routed infrastructure. This includes server lans, PPPoE Pools, etc. Place the filtering at the edge where feasible. This would also include things like your firewall and other devices that shouldn't leak/emit spoofed packets. If you don't know how to do this, or check on it, please ask around, either here or on cisco-nsp or juniper-nap for your platforms. - Jared
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Måns Nilsson (Mar 25)
- Re: Open Resolver Problems Joe Abley (Mar 25)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Jay Ashworth (Mar 26)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- Re: Open Resolver Problems Jon Lewis (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 26)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- RE: Open Resolver Problems Mike Simkins (Mar 25)
- Re: Open Resolver Problems Damian Menscher (Mar 25)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)