[74743] in North American Network Operators' Group
aggregation & table entries
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Wed Oct 13 14:09:47 2004
Date: Wed, 13 Oct 2004 18:09:12 +0000
From: bmanning@vacation.karoshi.com
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3oej6o8ya.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
> i've never seen a dns attack that didn't have 50% or more packets coming
> from spoofed sources, though due to loose-mode uRPF, most spoofed sources
> in the last year or so have been from addresses for which a route exists.
> --
> Paul Vixie
reiterating a sometimes heretical idea...
are you referring to things like 172.17.0.0/16 where
only a couple hundred of those numbers have real services, e.g.
all the services are in 172.17.22.0/24 and the spoofed addresses
are in 172.17.128.0/17 space?
or... why do people insist on injecting routes to non-existent
things? a route table entry is a route table entry, regardless
of the scope.
--bill
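
An added example, not part of the original message: a small model of the loose-mode uRPF check the thread discusses, comparing a table that carries the 172.17.0.0/16 aggregate with one that carries only 172.17.22.0/24. The source addresses are constructed, and ignoring the default route is an assumption about how loose mode is configured.

```python
import ipaddress

def loose_urpf_pass(src, rib):
    """Loose-mode uRPF: accept the packet if any route covers the source.
    Assumption: a default route (prefix length 0) does not count."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in rib if net.prefixlen > 0)

def audit(sources, rib, live):
    """Classify each source address against a route table and the
    prefixes that actually host services."""
    result = {}
    for s in sources:
        addr = ipaddress.ip_address(s)
        if not loose_urpf_pass(s, rib):
            result[s] = "dropped"            # no covering route
        elif any(addr in net for net in live):
            result[s] = "plausible"          # route exists and hosts live there
        else:
            result[s] = "passed-but-dark"    # route exists, nothing lives there
    return result

# Prefixes from the message: the announced aggregate and the /24 with services.
AGGREGATE = [ipaddress.ip_network("172.17.0.0/16")]
SPECIFIC = [ipaddress.ip_network("172.17.22.0/24")]
LIVE = SPECIFIC

# Constructed sample sources: one real host, two in 172.17.128.0/17, one unrouted.
SOURCES = ["172.17.22.10", "172.17.130.5", "172.17.200.77", "10.9.8.7"]

def compare():
    """Return the audit under the aggregate route and under the specific route."""
    return audit(SOURCES, AGGREGATE, LIVE), audit(SOURCES, SPECIFIC, LIVE)

if __name__ == "__main__":
    with_aggregate, with_specific = compare()
    for s in SOURCES:
        print(f"{s:15} aggregate={with_aggregate[s]:16} specific={with_specific[s]}")
```

With the /16 in the table, the sources in 172.17.128.0/17 pass the check even though nothing lives there; with only the /24 routed, they are dropped.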