[61230] in North American Network Operators' Group

Re: Lazy Engineers and Viable Excuses

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Aug 26 11:40:15 2003

Date: Tue, 26 Aug 2003 17:39:28 +0200
Cc: NANOG <nanog@merit.edu>
To: Leo Bicknell <bicknell@ufp.org>
From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <20030826150312.GB33506@ussenterprise.ufp.org>
Errors-To: owner-nanog-outgoing@merit.edu


On Tuesday, Aug 26, 2003, at 17:03 Europe/Amsterdam, Leo Bicknell wrote:

> Now, the customer, over their two T1 transit circuits does the
> following:

> as-path access-list 1 deny .*

> neighbor verio filter-list 1 in

> ip route 0.0.0.0 0.0.0.0 sprint

> Should the customer have to register a route with Sprint to make
> this work?  How does UUNet, who only received a route from Verio,
> know incoming packets from Sprint aren't spoofed?

You're not saying anything about outgoing route advertisements here so 
these questions are unanswerable.

My position is that if you want to use certain source addresses, you 
should announce and register the route that goes with those addresses. 
Expecting the whole world to forego uRPF just because that makes your 
life easier isn't realistic.

However, maybe we're spending too much effort on the whole source 
address spoofing issue, as stopping this doesn't really solve the core 
problem, which is how to shut up undesired incoming traffic.

Looking up the unspoofed source address in a registry and then emailing or 
phoning the listed contact isn't exactly a surefire way to do this.

> <mime-attachment>

Why???
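
Added example, not part of the original message: a minimal strict/loose uRPF check showing why the outcome for the quoted setup depends on the outbound announcements it leaves unspecified. The prefixes, interface names and the two announcement cases are assumptions constructed for the illustration.

```python
import ipaddress

def urpf_accepts(fib, src, in_iface, mode="strict"):
    """Return True if a packet with source `src` arriving on `in_iface` passes uRPF.

    fib is a list of (prefix, interface) pairs; the longest matching prefix wins.
    strict: the best route back to src must point out in_iface.
    loose:  any route to src is enough (no default route is modelled here).
    """
    addr = ipaddress.ip_address(src)
    matches = [(net, iface) for net, iface in
               ((ipaddress.ip_network(p), i) for p, i in fib) if addr in net]
    if not matches:
        return False
    if mode == "loose":
        return True
    best = max(net.prefixlen for net, _ in matches)
    return any(iface == in_iface for net, iface in matches if net.prefixlen == best)

# Constructed sample data: documentation prefixes and made-up interface names.
CUSTOMER_PREFIX = "192.0.2.0/24"
OTHER_PREFIX = "198.51.100.0/24"   # someone else's space, reachable via a peer

def sprint_edge_fib(customer_announces_to_sprint):
    """FIB on the hypothetical Sprint router terminating the customer's T1."""
    fib = [(OTHER_PREFIX, "peer-other")]
    if customer_announces_to_sprint:
        fib.append((CUSTOMER_PREFIX, "cust-t1"))
    else:
        # Assumption: Sprint only hears the prefix second-hand, via Verio.
        fib.append((CUSTOMER_PREFIX, "peer-verio"))
    return fib

def check(customer_announces_to_sprint, src, mode):
    """uRPF verdict for a packet entering Sprint on the customer T1."""
    fib = sprint_edge_fib(customer_announces_to_sprint)
    return urpf_accepts(fib, src, "cust-t1", mode)

if __name__ == "__main__":
    for announces in (False, True):
        for src in ("192.0.2.10", "198.51.100.7"):
            for mode in ("strict", "loose"):
                verdict = "pass" if check(announces, src, mode) else "drop"
                print(f"announce_to_sprint={announces} src={src} {mode}: {verdict}")
```

Strict mode accepts the customer's own source addresses only when the route is announced on that link, while loose mode accepts any routed source, including one that is not the customer's.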
