North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)
- From: Sean Donelan
- Date: Sat Mar 06 22:44:23 2004
On Sat, 6 Mar 2004, Dan Hollis wrote:
> sadly the prevailing thought seems to be 'we cant block every exploit so
> we will block none'. this (and others) are used as an excuse to not deploy
> urpf on edge interfaces facing singlehomed customers.
This is one of the few locations SAV/uRPF consistently works. SAV/uRPF is
widely (but not 100%) deployed int those location. However I think you
are mis-stating the issue. I do not know of anyone that has stated your
reason as the reason not to deploy SAV/uRPF on non-routing interfaces.
The issue which prompt this thread was deploying uRPF on multi-path
backbone interfaces using active routing.
How many exploits does uRPF block?
Biometric smart cards may do wonders for credit card fraud. Why don't
credit card companies replace all existing cards with them?
Does uRPF solve more problems than it causes, and saves more than it