nanog mailing list archives
Re: register.com down sev0?
From: Jared Mauch <jared () puck nether net>
Date: Thu, 26 Oct 2006 07:25:51 -0400
On Thu, Oct 26, 2006 at 06:03:54AM +0000, Fergie wrote:
Randy, I don't think I implied anything of the sort. I did, however, pipe up when a BCP is mentioned that I endorse, and co-authored -- and likewise, cannot figure out for life of me, why there is such push-back from the Ops community on doing The Right Thing.
The challenge is that the router vendors still haven't done "The Right Thing". I have one device that 1) halves its forwarding table space by enabling u-rpf 2) can only do either strict or loose mode rpf *GLOBALLY* so I can not strict rpf-check a static customer AND loose rpf someone larger for unrouted space. because of the above (#1 isn't that bad, but #2 is) I can't enable u-rpf on the device as a policy. Changing one interface from loose -> strict silently changes all other u-rpf interfaces and then customers gripe about dropped packets. obviously moving these checks closer to the edge is ideal, such as always doing rpf on the ethernet lan interface for your customer CPE.
Having said that, botnets don't need to spoof addresses -- the sheer dispersion of geographic and AS infection base renders the whole point of spoofing almost moot.
yup, it's an evolving threat, even if some solution to the botnet problem is discovered, it will take years to fix. Think of the smurf amplifiers that are still out there[1]. - jared 1 - http://www.powertech.no/smurf/ -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- Re: register.com down sev0?, (continued)
- Re: register.com down sev0? Fergie (Oct 25)
- BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Sean Donelan (Oct 25)
- Re: register.com down sev0? Randy Bush (Oct 25)
- Re: register.com down sev0? Chris L. Morrow (Oct 26)
- Re: register.com down sev0? Randy Bush (Oct 26)
- Re: register.com down sev0? Gadi Evron (Oct 26)
- 10,352 active botnets (was Re: register.com down sev0? Valdis . Kletnieks (Oct 26)
- Re: 10,352 active botnets (was Re: register.com down sev0? Matthew Crocker (Oct 26)
- Re: 10,352 active botnets (was Re: register.com down sev0? Jack Bates (Oct 26)
- Re: register.com down sev0? Fergie (Oct 25)
- Re: register.com down sev0? Jared Mauch (Oct 26)
- Re: register.com down sev0? Daniel Senie (Oct 26)
- RE: register.com down sev0? Tony Li (Oct 26)
- different flavours of uRPF [RE: register.com down sev0?] Pekka Savola (Oct 26)
- Re: different flavours of uRPF [RE: register.com down sev0?] Tony Li (Oct 27)
- Re: different flavours of uRPF [RE: register.com down sev0?] Chris L. Morrow (Oct 27)
- Re: register.com down sev0? Gadi Evron (Oct 26)
- Re: register.com down sev0? Patrick W. Gilmore (Oct 26)