[61849] in North American Network Operators' Group


Re: What were we saying about edge filtering?

daemon@ATHENA.MIT.EDU (Jack Bates)
Sat Sep 6 14:23:19 2003

Date: Sat, 06 Sep 2003 13:18:22 -0500
From: Jack Bates <jbates@brightok.net>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Matt Ploessel <matt.ploessel@foundstone.com>, robt@cymru.com,
	Matthew Sullivan <matthew@sorbs.net>, nanog@merit.edu,
	owen@delong.com
In-Reply-To: <Pine.GSO.4.53.0309050641110.171@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu


Christopher L. Morrow wrote:

> 
> keep in mind it's not destination addresses that are the problem here, BUT

True, but there are RPF checks based on routing. Anything routed to NULL0
is generally treated by such filters as an invalid route and will
discard the packet of any source address from such a route.

Setting up BGP peers internally and applying route policies to null
route the routes received from the bogon peers would allow for easily
invalidating the routes and dropping packets which supposedly originate
from them.

I know this is easily done with vendor C. I suspect that the other 
vendors have implemented something very similar (heard J was easier than C).

-Jack
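
The mechanism described in the message above, modelled as an added example (not part of the original post and not any vendor's implementation): routes from a bogon feed get their next hop rewritten to a discard address that is statically routed to Null0, and a routing-based source check then drops packets whose source resolves to Null0. The prefixes, interface names, the discard next hop 192.0.2.1 and the assumption that a default route satisfies the check are all constructed for illustration.

```python
import ipaddress

NULL0 = "Null0"
# Assumed discard next hop; the route policy points bogon routes here.
DISCARD_NH = ipaddress.ip_address("192.0.2.1")

def build_fib(static_routes, bogon_feed):
    """Return [(network, next_hop)]. Next hop is an interface name (str)
    or an IP address that must be resolved recursively."""
    fib = [(ipaddress.ip_network(p), nh) for p, nh in static_routes]
    # Route policy: everything learned from the bogon peer is null routed.
    fib += [(ipaddress.ip_network(p), DISCARD_NH) for p in bogon_feed]
    return fib

def lookup(fib, addr):
    """Longest-prefix match; None when no route covers addr."""
    matches = [(net, nh) for net, nh in fib if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def resolve(fib, addr, depth=4):
    """Follow recursive next hops until an interface name is reached."""
    route = lookup(fib, addr)
    if route is None:
        return None
    next_hop = route[1]
    if isinstance(next_hop, str):
        return next_hop
    return resolve(fib, next_hop, depth - 1) if depth > 0 else None

def rpf_accepts(fib, src):
    """Routing-based source check: accept only if the best route back to
    the source exists and does not end at Null0."""
    out = resolve(fib, ipaddress.ip_address(src))
    return out is not None and out != NULL0

# Constructed sample data.
STATIC = [
    ("192.0.2.1/32", NULL0),        # discard next hop goes to Null0
    ("0.0.0.0/0", "upstream0"),     # default route (assumed to count)
    ("203.0.113.0/24", "customer0"),
]
BOGON_FEED = ["10.0.0.0/8", "198.18.0.0/15"]  # as received from a bogon peer

FIB = build_fib(STATIC, BOGON_FEED)
FIB_NO_FEED = build_fib(STATIC, [])

if __name__ == "__main__":
    for src in ("10.1.2.3", "198.18.5.5", "203.0.113.9", "8.8.8.8"):
        print(src, "accept" if rpf_accepts(FIB, src) else "drop")
```

Without the feed, the same bogon source matches the default route and passes, which is why the more-specific null routes are what make the check effective.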

