[61900] in North American Network Operators' Group
Re: What were we saying about edge filtering?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Sep 8 23:24:27 2003
Date: Mon, 8 Sep 2003 23:23:48 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <20030909023718.6724.qmail@sidehack.sat.gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 8 Sep 2003 bdragon@gweep.net wrote:
> > keep in mind it's not destination addresses that are the problem here, BUT
> > if it was, on an experiment (not a very smart one) we routed 0/1 to a lab
> > system inside 701 once in 2001 (as I recall, so before
> > nimda/code-red/blaster) and received +600kpps of garbage traffic as a
> > result. Trying to acl/analyze/deal-with that flow was almost impossible...
> > I'm not sure what you want to do with it today when our 'sinkhole' network
> > is consistently handling +20kpps (5x previous) MORE of random garbage
> > than 3 weeks ago, before blaster/nachi started to cause more pain :(
>
> Just think, if you used loose uRPF, you wouldn't need to carry that traffic
> to your sinkhole network, even you win.

Don't confuse the source and destination. This traffic is packets with an
unused DESTINATION address.

loose uRPF has *NO* effect on the destination address.

Which is greater in a typical backbone? Traffic with a bogon source, or
traffic with a bogon destination entering the backbone?
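
Added example (not part of the original message): a small Python model of the distinction drawn above, in which loose uRPF tests only the source address while the sinkhole receives packets through the ordinary destination lookup. The FIB entries, next-hop names and packets are constructed, and the sinkhole is assumed to be reached through a covering default route that the loose check ignores.

```python
import ipaddress

# Constructed FIB: documentation prefixes stand in for real allocated routes.
FIB = {
    ipaddress.ip_network("192.0.2.0/24"): "peer-A",
    ipaddress.ip_network("198.51.100.0/24"): "customer-B",
    ipaddress.ip_network("0.0.0.0/0"): "sinkhole",  # assumed covering route
}

def lookup(addr, allow_default=True):
    """Longest-prefix match; returns the next hop or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, hop in FIB.items():
        if net.prefixlen == 0 and not allow_default:
            continue
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def loose_urpf_pass(src):
    """Loose uRPF: SOURCE must match some non-default FIB entry, any interface."""
    return lookup(src, allow_default=False) is not None

def forward(src, dst, urpf=True):
    """Return 'drop:urpf' or the next hop chosen by the DESTINATION lookup."""
    if urpf and not loose_urpf_pass(src):
        return "drop:urpf"
    return lookup(dst) or "drop:no-route"

# Constructed packets (src, dst); 203.0.113.0/24 has no specific route here.
PACKETS = {
    "valid src, valid dst": ("192.0.2.10", "198.51.100.7"),
    "valid src, unused dst": ("192.0.2.10", "203.0.113.99"),    # scan traffic
    "unrouted src, valid dst": ("203.0.113.5", "198.51.100.7"),  # bogon source
}

def run():
    return {name: forward(s, d) for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:26} -> {result}")
```

The packet with a routable source and an unused destination passes the loose check and is still carried to the sinkhole; only the packet with an unrouted source is dropped.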