North American Network Operators Group


aggregation & table entries

  • From: bmanning
  • Date: Wed Oct 13 14:11:18 2004

> i've never seen a dns attack that didn't have 50% or more packets coming
> from spoofed sources, though due to loose-mode uRPF, most spoofed sources
> in the last year or so have been from addresses for which a route exists.
> -- 
> Paul Vixie

	reiterating a sometimes heretical idea...

	are you referring to things like 172.17.0.0/16 where
	only a couple hundred of those numbers have real services, e.g.
	all the services are in 172.17.22.0/24 and the spoofed addresses
	are in 172.17.128.0/17 space?

	or... why do people insist on injecting routes to non-existent
	things?    a route table entry is a route table entry, regardless
	of the scope.  


--bill
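
Added example, not part of the original message: a small model of the loose-mode uRPF check discussed above, using the prefixes from the message, to show how an aggregate route lets sources in unused space pass while a route covering only the in-use /24 does not. The function names and sample source addresses are constructed for illustration.

```python
import ipaddress

def loose_urpf_pass(src, routes):
    """Loose-mode uRPF: accept a packet if ANY route covers its source address."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in routes)

def evaluate(sources, routes):
    """Map each source address to the loose-mode uRPF verdict for this table."""
    return {s: loose_urpf_pass(s, routes) for s in sources}

def unused_but_routed(routes, in_use):
    """Count addresses that pass loose uRPF yet host no real service.

    Assumes the in_use prefixes do not overlap each other.
    """
    routed = list(ipaddress.collapse_addresses(routes))
    total = sum(net.num_addresses for net in routed)
    used = sum(u.num_addresses for u in in_use
               if any(u.subnet_of(r) for r in routed))
    return total - used

# Route tables built from the prefixes named in the message.
AGGREGATE = [ipaddress.ip_network("172.17.0.0/16")]   # what gets injected
SPECIFIC = [ipaddress.ip_network("172.17.22.0/24")]   # where services live

# Constructed sample packet sources (not from any real capture).
SOURCES = ["172.17.22.10", "172.17.128.5", "172.17.200.77", "10.9.8.7"]

if __name__ == "__main__":
    for label, table in (("aggregate /16", AGGREGATE), ("specific /24", SPECIFIC)):
        print(label)
        for src, ok in evaluate(SOURCES, table).items():
            print(f"  {src:15} {'pass' if ok else 'drop'}")
        print(f"  routed but unused addresses: {unused_but_routed(table, SPECIFIC)}")
```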