[69914] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: TCP/BGP vulnerability - easier than you think

daemon@ATHENA.MIT.EDU (Aditya)
Wed Apr 21 12:50:44 2004

To: nanog@merit.edu
From: Aditya <aditya@grot.org>
Date: Wed, 21 Apr 2004 12:42:18 -0400
X-Complaints-To: usenet@sea.gmane.org
Errors-To: owner-nanog-outgoing@merit.edu


> On Wed, 21 Apr 2004 07:35:27 -0700, "Michel Py" <michel@arneill-py.sacramento.ca.us> said:
> Insist that the peer uses "ip verify unicast reverse-path" on all
> interfaces, or similar command for other vendors.

I sure hope there are no asymmetric paths on the Internet that will
bite you when you turn on strict RPF on your peering interfaces
</sarcasm>

Seriously, if you do turn RPF on on peering interfaces, please let
your peers know (plea from circa 1999)

Aditya


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[69914] in North American Network Operators' Group

Re: TCP/BGP vulnerability - easier than you think

daemon@ATHENA.MIT.EDU (Aditya)Wed Apr 21 12:50:44 2004

daemon@ATHENA.MIT.EDU (Aditya)
Wed Apr 21 12:50:44 2004