nanog mailing list archives
Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]
From: Valdis.Kletnieks () vt edu
Date: Mon, 26 Sep 2016 03:14:44 -0400
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said:
Linux: From /etc/sysctl.conf: # Uncomment the next two lines to enable Spoof protection (reverse-path=20 # filter) # Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 Unfortunately, the net.ipv6 equivalents for those do not yet seem to be a thing on Linux.
See net/ipv6/netfilter/ip6t_rpfilter.c Also, note that a lot of net.ipv4.conf variables also apply to ipv6 (though checking the source tree, this isn't one of them, unless it's via a macro that some quick grepping didn't find...)
Attachment:
_bin
Description:
Current thread:
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Christopher Morrow (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Brett Watson (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Justin Paine via NANOG (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jared Mauch (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay Farrell via NANOG (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 24)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay Farrell via NANOG (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Stephen Satchell (Sep 25)
- BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ] Hugo Slabbert (Sep 25)
- Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ] Valdis . Kletnieks (Sep 26)
- Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ] Vincent Bernat (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Milhollan (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Royce Williams (Sep 26)
- Message not available
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Kristoff (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 25)