nanog mailing list archives
Re: TCP/BGP vulnerability - easier than you think
From: Aditya <aditya () grot org>
Date: Wed, 21 Apr 2004 12:42:18 -0400
On Wed, 21 Apr 2004 07:35:27 -0700, "Michel Py" <michel () arneill-py sacramento ca us> said: Insist that the peer uses "ip verify unicast reverse-path" on all interfaces, or similar command for other vendors.
I sure hope there are no asymmetric paths on the Internet that will bite you when you turn on strict RPF on your peering interfaces </sarcasm> Seriously, if you do turn RPF on on peering interfaces, please let your peers know (plea from circa 1999) Aditya
Current thread:
- RE: TCP/BGP vulnerability - easier than you think Michel Py (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Adam Rothschild (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Aditya (Apr 21)
- <Possible follow-ups>
- RE: TCP/BGP vulnerability - easier than you think Michel Py (Apr 21)
- asymmetric/peer RPF [RE: TCP/BGP vulnerability - easier than you think] Pekka Savola (Apr 21)