North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Working vulnerability? (Cisco exploit)

  • From: Paul Vixie
  • Date: Sat Jul 19 11:20:26 2003

> >I'd estimate than less than a tenth of a percent (that's 0.1%) of
> >edge paths use RPF, even though BCP38 states the case clearly and the
> >technology makes it easy

> "Makes it easy" if you live in an Internet with a number of routes
> significantly less than the limit imposed for having stable RPF
> enabled on your devices, or have devices without bugs in RPF checking
> when said limit is spotted vaguely across the horizon.

since those are two very common beliefs about BCP38 deployment, i'm going
to leave it to barry to repost his standard answers to them, once he's gotten
some sleep.

> I dont seem to be in either of those places. (Although I have not
> sacrificed a router in the last upgrade version or two to see if things
> have improved.)

please do, and please post your results, as an example to others.