nanog mailing list archives

Re: Source address validation (was Re: UUNet Offer New Protection

From: Paul Vixie <vixie () vix com>
Date: 08 Mar 2004 06:35:16 +0000


ken () kdmd net (Ken Diliberto) writes:

Where do you draw the line between large and not large?  Does a
university with a /16 count as large?  We do both SAV and a version of
uRPF.  It makes our network run better, saves us money (reduces the
amount of time we spend on support and makes troubled / distressed / evil
/ mean / nasty boxes easier to track down) and reduces backbone
congestion making the network run better.  Another benefit is it improves
the world (betcha' were wondering if I'd squeeze all that in).

We're now blocking all SMTP traffic leaving the campus from non-blessed
sources (read mail servers).  The first day doing this we had comments
about less junk mail traffic.  We block traffic we consider harmful that
shouldn't leave the campus.  We're trying to do our part.

Any suggestions how we can do better?


yes.  contact the nanog program committee so you can come to san francisco
and tell the rest of us how you did it -- both in the ones and zeros, and
in the dollars and cents.
-- 
Paul Vixie

Current thread:

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS), (continued)
- - - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Joe Provo (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Henry Linneweh (Mar 08)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 08)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Ken Diliberto (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Dan Hollis (Mar 06)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) fingers (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 07)
    - Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)

(Thread continues...)