Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BCP38 making it work, solving problems

  • From: Mark Andrews
  • Date: Tue Oct 19 20:13:20 2004

>dropped over it's 25 day uptime:
>
>      RPF Failures: Packets: 34889152, Bytes: 12838806927
>      RPF Failures: Packets: 4200, Bytes: 449923
>      RPF Failures: Packets: 3066337401, Bytes: 122772518288
>      RPF Failures: Packets: 30954487, Bytes: 3272647457
>      RPF Failures: Packets: 4707582841, Bytes: 227001949225
>      RPF Failures: Packets: 11291931, Bytes: 643099278
>      RPF Failures: Packets: 291592413, Bytes: 20642951232
>      RPF Failures: Packets: 380355, Bytes: 22616137
>      RPF Failures: Packets: 607543, Bytes: 31687907
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 91, Bytes: 6978
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 0, Bytes: 0
>      RPF Failures: Packets: 2, Bytes: 80
>      RPF Failures: Packets: 13904, Bytes: 1093686
>
>	this means the junk isn't reaching root servers, peers, or
>our customers.  mitigating the need to carry this traffic when it
>is of (virtually) no use.
>
	And those you do see it indicates a misconfigured / compromised
	system.

	A compromised system that is sending spoofed traffic can
	also launch attacks using regular traffic.  Think of this
	as a early warning system.

	The same with those ISP's that block outbound port 25.
	Think of it as a early warning system.  The customer is
	misconfigured or compromised.  You need to find out which.
	[This is not to say that I agree with the practice of blocking
	port 25]

	Apply the same logic to anything else you filter outbound.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.