On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand <st...@ipv6canada.com> wrote:
> On 2010.06.17 17:10, William Herrin wrote:
>> Reverse path filtering + asymmetric routing = epic fail. Jon did say
>> Multihomed customer.
>
> If all IP blocks are tied down to null, and urpf is enabled in loose
> mode on an interface, it will catch cases where someone is sourcing
> traffic to you using IPs from the unassigned space that you have in your
> free pools.
Hi Steve,

I'm not sure what that accomplishes. It doesn't close any doors. With
loose-mode RPF he can still forge packets from any address actually in
use.

> Every month or so I re-route my blackholed traffic to a sinkhole, and
> more often than not, I see some ingress traffic from my unassigned space.

You'd be better off pointing the forward routes at a packet logger so
you can gain some insight into who is scanning the network, particularly
when the scanner actually is internal.

Regards,
Bill Herrin

-- 
William D. Herrin ................ her...@dirtside.com  b...@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
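The exchange above turns on what loose-mode uRPF does and does not catch once the free pool is tied down to a null route. The following is an added example written for this thread, not code from either poster: a small simulation of a FIB with longest-prefix matching, a uRPF check in loose and strict mode, and a tally of traffic that would land in the sinkhole. The prefixes (203.0.113.0/24 as the operator's block with 203.0.113.0/26 assigned, 198.51.100.0/24 as a multihomed customer), interface names and sample packets are constructed for the illustration; the `allow_default` knob is modelled on the option some vendors offer to let the default route satisfy the check (Cisco IOS has one), and without it a source covered only by the default route fails.

```python
import ipaddress

# Constructed FIB: (prefix, next hop). "Null0" marks a tie-down / blackhole route.
# Assumption: 203.0.113.0/24 is the operator's aggregate, 203.0.113.0/26 is assigned
# to a customer, the rest of the /24 is free pool tied to Null0; 198.51.100.0/24 is a
# multihomed customer reached directly via ge-0/0/2; ge-0/0/0 faces transit.
FIB = [
    ("203.0.113.0/24", "Null0"),
    ("203.0.113.0/26", "ge-0/0/1"),
    ("198.51.100.0/24", "ge-0/0/2"),
    ("0.0.0.0/0", "ge-0/0/0"),
]

# Constructed ingress packets seen on the transit interface: (src, dst).
SAMPLE = [
    ("203.0.113.200", "203.0.113.10"),  # forged source from the free pool
    ("203.0.113.9",   "203.0.113.10"),  # forged source that is a real, in-use address
    ("198.51.100.7",  "203.0.113.10"),  # legitimate but asymmetric (customer exits via transit)
    ("192.0.2.5",     "203.0.113.10"),  # covered only by the default route
]

# Constructed packets destined to tied-down space, the traffic a sinkhole would attract.
SCAN = [
    ("198.51.100.7", "203.0.113.130"),
    ("198.51.100.7", "203.0.113.131"),
    ("192.0.2.5",    "203.0.113.200"),
]


def lookup(fib, addr):
    """Longest-prefix match; returns (network, next_hop) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, nh in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def urpf(fib, src, ingress_iface, mode="loose", allow_default=False):
    """Return (verdict, reason). Loose mode: a route to the source must exist and
    must not point at Null0. Strict mode: the route must also leave via the
    interface the packet arrived on."""
    match = lookup(fib, src)
    if match is None:
        return ("drop", "no route to source")
    net, nh = match
    if net.prefixlen == 0 and not allow_default:
        return ("drop", "only the default route covers the source")
    if nh == "Null0":
        return ("drop", f"source inside {net}, which is tied down to Null0")
    if mode == "strict" and nh != ingress_iface:
        return ("drop", f"strict: best path via {nh}, packet arrived on {ingress_iface}")
    return ("pass", f"route {net} via {nh}")


def evaluate(fib, packets, ingress_iface, mode="loose", allow_default=False):
    """Map each sample source to its uRPF verdict on the given interface."""
    return {src: urpf(fib, src, ingress_iface, mode, allow_default)[0] for src, _ in packets}


def sinkhole_report(fib, packets, own_prefixes):
    """Tally packets whose destination falls in Null0-tied space, and flag whether
    the source sits inside the operator's own blocks (an internal scanner)."""
    own = [ipaddress.ip_network(p) for p in own_prefixes]
    report = {}
    for src, dst in packets:
        match = lookup(fib, dst)
        if match is None or match[1] != "Null0":
            continue
        entry = report.setdefault(src, {"hits": 0, "internal": False})
        entry["hits"] += 1
        entry["internal"] = any(ipaddress.ip_address(src) in n for n in own)
    return report


if __name__ == "__main__":
    for mode in ("loose", "strict"):
        print(mode, evaluate(FIB, SAMPLE, "ge-0/0/0", mode))
    print("sinkhole", sinkhole_report(FIB, SCAN, ["203.0.113.0/24", "198.51.100.0/24"]))
```

Run as written, loose mode on the transit interface drops the free-pool source and the default-only source but passes both the forged in-use address and the asymmetric customer; strict mode drops all four, which is the failure the thread warns about for multihomed customers. The sinkhole tally shows why logging the forward traffic is worth more than counting it: it separates the external scanner from the one inside the operator's own address space.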