On Wed, Mar 28, 2012 at 12:50, David Conrad <d...@virtualized.org> wrote: > I would be surprised if this were true. > > I'd argue that today, the vast majority of devices on the Internet (and > certainly the ones that are used in massive D(D)oS attacks) are found hanging > off singly-homed networks.
Yes, but RPF can be implemented in places other than the customer edge. In those places, lack of widespread, easy, and vendor-supported feasible-path uRPF is what I believe really hurts things. Granted, this is along a different line than what the OP was talking about, but in terms of answering the question of "why don't we see ingress filtering as much as we should?", I think it's a large factor. -- Darius Jahandarie