[127254] in North American Network Operators' Group
Re: Todd Underwood was a little late
daemon@ATHENA.MIT.EDU (William Herrin)
Fri Jun 18 09:07:29 2010
In-Reply-To: <4C1B6884.4000606@ipv6canada.com>
From: William Herrin <bill@herrin.us>
Date: Fri, 18 Jun 2010 09:06:56 -0400
To: Steve Bertrand <steve@ipv6canada.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <steve@ipv6canada.com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> Multihomed customer.
>
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.
Hi Steve,
I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in
use.
> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.
You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network,
particularly when the scanner actually is internal.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
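The two positions in this exchange (loose-mode uRPF catches sources from null-tied unassigned space but not forged in-use addresses; strict mode catches those but breaks asymmetric multihomed customers) can be worked through in a few lines. The following is an added illustration, not part of the thread or any vendor's implementation: a toy FIB with longest-prefix match, a loose and a strict reverse-path check, and the "point the forward route at a logger" idea. All prefixes are RFC 5737 documentation space and all interface names are made up.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

NULL0 = "null0"  # discard interface: a prefix "tied down to null"


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str  # egress interface, or NULL0 for a blackhole route


# Constructed FIB (assumption, not a real routing table). Note there is
# deliberately no default route: with one, loose-mode uRPF would pass
# every source address, since everything has "a" route.
FIB = [
    Route(ipaddress.ip_network("192.0.2.0/24"), NULL0),          # our aggregate, tied to null
    Route(ipaddress.ip_network("192.0.2.0/25"), "ge-0/0/1"),     # the only assigned half
    Route(ipaddress.ip_network("198.51.100.0/24"), "ge-0/0/0"),  # transit peer
    Route(ipaddress.ip_network("203.0.113.0/24"), "ge-0/0/2"),   # multihomed customer, best path
]


def lookup(src: str) -> Optional[Route]:
    """Longest-prefix match of a source address against the FIB."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in FIB if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def loose_urpf(src: str, ingress: str) -> bool:
    """Loose mode: accept if the source has any non-null route at all.
    The ingress interface is irrelevant, which is why a forged source that
    is genuinely in use passes."""
    r = lookup(src)
    return r is not None and r.iface != NULL0


def strict_urpf(src: str, ingress: str) -> bool:
    """Strict mode: accept only if the best route back to the source points
    out the interface the packet arrived on. Catches forged in-use sources,
    but also drops legitimate traffic that arrives asymmetrically."""
    r = lookup(src)
    return r is not None and r.iface == ingress


def classify(src: str, ingress: str, mode: str) -> str:
    check = loose_urpf if mode == "loose" else strict_urpf
    return "forward" if check(src, ingress) else "drop"


def sinkhole_log(packets: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Instead of discarding traffic to/from null-tied space, record which
    source hit it and on which interface, so internal scanners stand out."""
    return [(src, ingress) for src, ingress in packets
            if (r := lookup(src)) is not None and r.iface == NULL0]


if __name__ == "__main__":
    print(classify("192.0.2.200", "ge-0/0/0", "loose"))  # unassigned space: drop
    print(classify("192.0.2.10", "ge-0/0/0", "loose"))   # forged in-use source: forward
    print(classify("192.0.2.10", "ge-0/0/0", "strict"))  # same packet, strict: drop
    print(classify("203.0.113.7", "ge-0/0/3", "strict")) # legit but asymmetric: drop
```

Run as written it prints the four verdicts; the interesting pair is the last two, where strict mode fixes the forged in-use case but breaks the asymmetric customer, which is the trade-off the thread is arguing about.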