nanog mailing list archives

Re: TCP/BGP vulnerability - easier than you think

From: Aditya <aditya () grot org>
Date: Wed, 21 Apr 2004 12:42:18 -0400

On Wed, 21 Apr 2004 07:35:27 -0700, "Michel Py" <michel () arneill-py sacramento ca us> said:
Insist that the peer uses "ip verify unicast reverse-path" on all
interfaces, or similar command for other vendors.


I sure hope there are no asymmetric paths on the Internet that will
bite you when you turn on strict RPF on your peering interfaces
</sarcasm>

Seriously, if you do turn RPF on on peering interfaces, please let
your peers know (plea from circa 1999)

Aditya

Current thread:

RE: TCP/BGP vulnerability - easier than you think Michel Py (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Adam Rothschild (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Aditya (Apr 21)
- <Possible follow-ups>
- RE: TCP/BGP vulnerability - easier than you think Michel Py (Apr 21)
  - asymmetric/peer RPF [RE: TCP/BGP vulnerability - easier than you think] Pekka Savola (Apr 21)