On Thu, 08 Aug 2013 12:46:10 -0500, Blake Dunlap said: > I noticed that two of my ASNs are on that list for example with low > numbers. I can't fathom how as at least one of them has uRPF implemented on > any actual interfaces and no downstreams/peers.
Most likely, you have places where one host in a /24 or /28 can spoof a packet claiming to be another host in the same subnet, and have the spoofed packet escape into the outside world. There's really no way to stop that unless you get *really* fascist with your edge-host facing routers/switches.
pgpDDbPG5qyAq.pgp
Description: PGP signature