[56618] in North American Network Operators' Group
Re: 69/8...this sucks -- Centralizing filtering..
daemon@ATHENA.MIT.EDU (Peter Galbavy)
Tue Mar 11 12:29:08 2003
From: "Peter Galbavy" <peter.galbavy@knowtion.net>
To: "Iljitsch van Beijnum" <iljitsch@muada.com>,
"Jack Bates" <jbates@brightok.net>
Cc: <nanog@merit.edu>
Date: Tue, 11 Mar 2003 17:28:41 -0000
Errors-To: owner-nanog-outgoing@merit.edu
> If all routes in the routing table are good (which soBGP and S-BGP can
> do for you) and routers filter based on the contents of the routing
> table, hosts will not see any bogon packets except locally generated
> ones so they shouldn't have bogon filters of their own. So this will
> indeed solve the problem for these people.
I believe you are confusing authentication with authorisation.
Having authentic routes does not imply that all the traffic will be
'correct'. Various networks will always fail to filter customer traffic at
ingress etc. and then source address spoofing becomes trivial.
Peter
