[107509] in North American Network Operators' Group
Re: BCP38 dismissal
daemon@ATHENA.MIT.EDU (Greg Hankins)
Thu Sep 4 14:13:03 2008
Date: Thu, 4 Sep 2008 14:12:56 -0400
From: Greg Hankins <ghankins@mindspring.com>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <620fd17c0809041014n26cdcebo784c6de2f932e149@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
On Thu, Sep 04, 2008 at 01:14:20PM -0400, Paul Wall wrote:
>On Thu, Sep 4, 2008 at 12:45 PM, Jo Rhett <jrhett@netconsonance.com> wrote:
>> I'm sorry, but nonsense statements such as these burn the blood. Sure, yes,
>> protecting yourself is so much more important than protecting anyone else.
>>
>> Anyone else want to stand up and join the "I am an asshole" club?
>
>uRPF is important. But all the uRPF in the world won't protect you
>against a little tcp/{22,23,179} SYN aimed at your Force 10 box.
>
>Ya know what I mean?
Hey Paul, would you be able to demonstrate this problem? I'd like to see
it so that we can investigate and fix it.
You are correct that the first generation of E-Series hardware (EtherScale)
had little control plane protection.
The current E-Series hardware (TeraScale) has a completely different
architecture that rate limits, queues and filters all packets destined to
the control plane.
Greg*
(* I am currently employed by Force10.)
--
Greg Hankins <ghankins@mindspring.com>
