Re: [AFMUG] BCP38

2015-01-13 Thread David
Re: [AFMUG] BCP38 Depends on what you mean by “any prefixes learned by the bgp peers”. I think most upstreams would manually configure route filters to control what BGP advertisements to accept, and maybe also an ACL based on source IP. Otherwise there’s too much risk a customer would advertise

Re: [AFMUG] BCP38

2015-01-12 Thread That One Guy
Why wouldn't this be a standard on consumer routers? On Mon, Jan 12, 2015 at 8:53 AM, Mike Hammett af...@ics-il.net wrote: http://www.bcp38.info/index.php/Main_Page Make sure you implement this in your networks. Drop all outbound traffic to your upstream that is not from valid public IP

Re: [AFMUG] BCP38

2015-01-12 Thread Mike Hammett
@afmug.com Sent: Monday, January 12, 2015 9:04:38 AM Subject: Re: [AFMUG] BCP38 Why wouldn't this be a standard on consumer routers? On Mon, Jan 12, 2015 at 8:53 AM, Mike Hammett af...@ics-il.net wrote: http://www.bcp38.info/index.php/Main_Page Make sure you implement this in your

[AFMUG] BCP38

2015-01-12 Thread Mike Hammett
http://www.bcp38.info/index.php/Main_Page Make sure you implement this in your networks. Drop all outbound traffic to your upstream that is not from valid public IP space. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com

Re: [AFMUG] BCP38

2015-01-12 Thread Dennis Burgess
To: af@afmug.com Subject: Re: [AFMUG] BCP38 Hey Mike, Would you be willing to post an iptables statement that would drop this traffic? Thanks, Sean On Monday, January 12, 2015, Mike Hammett af...@ics-il.net wrote: http://www.bcp38.info/index.php/Main_Page Make sure you implement

Re: [AFMUG] BCP38

2015-01-12 Thread Sean Heskett
Hey Mike, Would you be willing to post an iptables statement that would drop this traffic? Thanks, Sean On Monday, January 12, 2015, Mike Hammett af...@ics-il.net wrote: http://www.bcp38.info/index.php/Main_Page Make sure you implement this in your networks. Drop all outbound traffic to

Re: [AFMUG] BCP38

2015-01-12 Thread That One Guy
...@belairinternet.com wrote: I believe the phrase is “all your internets are belong to us” *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Chuck McCown *Sent:* Monday, January 12, 2015 10:25 AM *To:* af@afmug.com *Subject:* Re: [AFMUG] BCP38 Remember when back in the early days, folks could

Re: [AFMUG] BCP38

2015-01-12 Thread Mike Hammett
IRRs help with that as well. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Ken Hohhof af...@kwisp.com To: af@afmug.com Sent: Mon, 12 Jan 2015 12:07:37 -0600 (CST) Subject: Re: [AFMUG] BCP38 Depends on what you mean by “any prefixes

Re: [AFMUG] BCP38

2015-01-12 Thread Ken Hohhof
those blocks. From: Dennis Burgess Sent: Monday, January 12, 2015 11:46 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Basically, any IPs that SHOULD be sourced from your network. But yes, the idea behind BCP38 is to block src address packets originating from your network that SHOULD

Re: [AFMUG] BCP38

2015-01-12 Thread Chuck McCown
Remember when back in the early days, folks could announce “all your internets are mine” and take down everything. From: Ken Hohhof Sent: Monday, January 12, 2015 11:07 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Depends on what you mean by “any prefixes learned by the bgp peers”. I think

Re: [AFMUG] BCP38

2015-01-12 Thread Dennis Burgess
] On Behalf Of Ken Hohhof Sent: Monday, January 12, 2015 10:55 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Yeah, I’m missing what the big deal is here. If you’re talking about your border router to your upstream, why would you allow outbound traffic with source IPs outside your IP blocks? Allow

Re: [AFMUG] BCP38

2015-01-12 Thread Mike Hammett
If everyone did this, amplification attacks would not occur. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Mike Hammett af...@ics-il.net To: Animal Farm af@afmug.com Sent: Mon, 12 Jan 2015 08:53:32 -0600 (CST) Subject: [AFMUG

Re: [AFMUG] BCP38

2015-01-12 Thread Ken Hohhof
on an LOA. From: Dennis Burgess Sent: Monday, January 12, 2015 10:43 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Very simple. In MT we do an address list of all valid subnets behind the core routers, this would include any prefixes that you own or use, plus any BGP prefixes learned from

Re: [AFMUG] BCP38

2015-01-12 Thread Eric Markow
I believe the phrase is “all your internets are belong to us” From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown Sent: Monday, January 12, 2015 10:25 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Remember when back in the early days, folks could announce “all your internets

Re: [AFMUG] BCP38

2015-01-12 Thread Ken Hohhof
I just saw this via CNN: http://www.cnn.com/2015/01/12/politics/centcom-twitter-hacked-suspended/index.html and my reaction was, CENTCOM has a Twitter account? From: Chuck McCown Sent: Monday, January 12, 2015 12:25 PM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Remember when back

Re: [AFMUG] BCP38

2015-01-12 Thread Chuck McCown
Sorry, age related dementia... From: Eric Markow Sent: Monday, January 12, 2015 11:33 AM To: af@afmug.com Subject: Re: [AFMUG] BCP38 I believe the phrase is “all your internets are belong to us” From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown Sent: Monday, January 12, 2015

Re: [AFMUG] BCP38

2015-01-12 Thread Rory McCann
, 2015 10:55 AM *To:* af@afmug.com *Subject:* Re: [AFMUG] BCP38 Yeah, I’m missing what the big deal is here. If you’re talking about your border router to your upstream, why would you allow outbound traffic with source IPs outside your IP blocks? Allow your IPs, block the rest. If you’re

Re: [AFMUG] BCP38

2015-01-12 Thread Dennis Burgess
...@linktechs.net – 314-735-0270 – www.linktechs.net http://www.linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory McCann Sent: Monday, January 12, 2015 12:48 PM To: af@afmug.com Subject: Re: [AFMUG] BCP38 Can you not accomplish the same thing with the RP_Filter option

Re: [AFMUG] BCP38

2015-01-12 Thread Rory McCann
...@linktechs.net – 314-735-0270 – www.linktechs.net http://www.linktechs.net *From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Rory McCann *Sent:* Monday, January 12, 2015 12:48 PM *To:* af@afmug.com *Subject:* Re: [AFMUG] BCP38 Can you not accomplish the same thing with the RP_Filter option