Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)

  • From: Sean Donelan
  • Date: Sat Mar 06 22:44:23 2004

On Sat, 6 Mar 2004, Dan Hollis wrote:
> sadly the prevailing thought seems to be 'we cant block every exploit so
> we will block none'. this (and others) are used as an excuse to not deploy
> urpf on edge interfaces facing singlehomed customers.

This is one of the few locations SAV/uRPF consistently works.  SAV/uRPF is
widely (but not 100%) deployed int those location.  However I think you
are mis-stating the issue.  I do not know of anyone that has stated your
reason as the reason not to deploy SAV/uRPF on non-routing interfaces.
The issue which prompt this thread was deploying uRPF on multi-path
backbone interfaces using active routing.

How many exploits does uRPF block?

Biometric smart cards may do wonders for credit card fraud.  Why don't
credit card companies replace all existing cards with them?

Does uRPF solve more problems than it causes, and saves more than it
costs?





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.