North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: On the back of other 'security' posts....
- From: Scott Francis
- Date: Wed Sep 03 17:09:50 2003
On Sun, Aug 31, 2003 at 02:34:28PM -0700, owen@delong.com said:
[snip]
> What you are saying works only so long as none of your edge connections
> represent a significant portion of the internet. How do you anti-spoof,
> for example, a peering link with SPRINT or UUNET? It's not realistic
> to think that you know which addresses could or could not legitimately
> come from them.
another poster wrote that the spoofed traffic he was seeing was coming from
0.0.0.4 - 40.0.0.0 in .4 increments ... simple bogon filtering would get rid
of a good chunk of that space. Granted, it's a small subset of anti-spoof
filtering, but there are still networks out there that don't even make _that_
best effort.
If folks would simply make the best effort they could, given their situation,
the Internet as a whole would be a dramatically nicer place. That best effort
will vary greatly by situation, but even a partial attempt is better than
none at all.
--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
Attachment:
pgp00002.pgp
Description: PGP signature
|
