North American Network Operators Group

RE: Force10 Gear - Opinions

> uRPF strict as a configuration default, on customers without possible
> asymmetry (multihoming, one-way tunneling, etc) is not a bad default.
> But when the customers increase in complexity, the time might come to
> relax things some. It's certainly not a be-all-end-all. And it's
> been demonstrated time after time here that anti-spoof/bogon filtering
> isn't even a factor in most large-scale attacks on the public Internet
> these days. Think massively sized, well connected, botnets. See also
> CP attacks (which, again, the F10 can't even help you with).

Indeed... In today's internet, protecting your own box (cp-policer/control plane filtering) is far more important IMO than implementing BCP38 when much of attack traffic comes from legitimate IP sources anyway (see botnets).

james
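
An added illustration, not part of the original message or the thread: a simplified Python model of the strict and loose uRPF checks discussed above, run over constructed packets. The route table, interface names (`cust1`, `cust2`, `transit-a`) and addresses (RFC 5737 documentation ranges) are assumptions made for the example, not any vendor's configuration.

```python
import ipaddress

# Constructed FIB (assumption): prefix -> interface of the best route.
FIB = {
    "192.0.2.0/24": "cust1",         # single-homed customer
    "198.51.100.0/24": "transit-a",  # multihomed customer whose best return
                                     # path is via another provider
}

def lookup(src):
    """Longest-prefix match on the source address; None if no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf(src, in_iface, mode):
    """Return True if the packet passes the uRPF check in the given mode."""
    route_iface = lookup(src)
    if route_iface is None:
        return False                 # no route back to the source: both modes drop
    if mode == "loose":
        return True                  # any route to the source is enough
    return route_iface == in_iface   # strict: best route must use the ingress port

# Constructed sample packets: (description, source address, ingress interface).
PACKETS = [
    ("single-homed customer", "192.0.2.10", "cust1"),
    ("multihomed customer, asymmetric path", "198.51.100.10", "cust2"),
    ("spoofed source with no route", "203.0.113.5", "cust1"),
    ("spoofed source routed elsewhere", "198.51.100.77", "cust1"),
    ("bot sending from its real address", "192.0.2.50", "cust1"),
]

def evaluate():
    """Map each description to its (strict, loose) verdicts."""
    return {d: (urpf(s, i, "strict"), urpf(s, i, "loose")) for d, s, i in PACKETS}

if __name__ == "__main__":
    for desc, (strict, loose) in evaluate().items():
        print(f"{desc:40s} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

Strict mode drops the legitimate multihomed customer, which is the asymmetry case the quoted text raises, while the last packet passes both modes because its source address is genuine.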