North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BCP38 making it work, solving problems
>dropped over it's 25 day uptime: > > RPF Failures: Packets: 34889152, Bytes: 12838806927 > RPF Failures: Packets: 4200, Bytes: 449923 > RPF Failures: Packets: 3066337401, Bytes: 122772518288 > RPF Failures: Packets: 30954487, Bytes: 3272647457 > RPF Failures: Packets: 4707582841, Bytes: 227001949225 > RPF Failures: Packets: 11291931, Bytes: 643099278 > RPF Failures: Packets: 291592413, Bytes: 20642951232 > RPF Failures: Packets: 380355, Bytes: 22616137 > RPF Failures: Packets: 607543, Bytes: 31687907 > RPF Failures: Packets: 0, Bytes: 0 > RPF Failures: Packets: 91, Bytes: 6978 > RPF Failures: Packets: 0, Bytes: 0 > RPF Failures: Packets: 0, Bytes: 0 > RPF Failures: Packets: 2, Bytes: 80 > RPF Failures: Packets: 13904, Bytes: 1093686 > > this means the junk isn't reaching root servers, peers, or >our customers. mitigating the need to carry this traffic when it >is of (virtually) no use. > And those you do see it indicates a misconfigured / compromised system. A compromised system that is sending spoofed traffic can also launch attacks using regular traffic. Think of this as a early warning system. The same with those ISP's that block outbound port 25. Think of it as a early warning system. The customer is misconfigured or compromised. You need to find out which. [This is not to say that I agree with the practice of blocking port 25] Apply the same logic to anything else you filter outbound.
|