On 15/12/2011 16:28, Drew Weaver wrote:
-Original Message-
From: Justin M. Streiner [mailto:strei...@cluebyfour.org]
Sent: Thursday, December 15, 2011 9:45 AM
To: nanog@nanog.org
Subject: Re: Is AS information useful for security?
origin-AS could be another story. If you know of an
It's useful in terms of remediation as it can help identify through which
"door" packets entered your network. Though, as others will undoubtedly point
out, it's trustworthiness will depend upon how you derive the AS mapping and
upon other security features (e.g. uRPF)
-- Eric :)
> On Thu,
On Thu, Dec 15, 2011 at 11:28:48AM -0500, Drew Weaver wrote:
> I could be wrong here but I believe origin-AS uses a lookup from the routing
> table to figure out what the originAS for the source IP should be (and not
> what it explicitly IS) which means the information is unreliable.
Using a bi
-Original Message-
From: Justin M. Streiner [mailto:strei...@cluebyfour.org]
Sent: Thursday, December 15, 2011 9:45 AM
To: nanog@nanog.org
Subject: Re: Is AS information useful for security?
>origin-AS could be another story. If you know of an AS that is being used by
>the ba
On Thu, 15 Dec 2011, Joe Loiacono wrote:
Is a good knowledge of either origin-AS, or next-AS with respect to flows
valuable in establishing, monitoring, or re-enforcing a security posture?
In what ways?
If I'm understanding your question correctly, I think it can be helpful,
to a degree. It'
Is a good knowledge of either origin-AS, or next-AS with respect to flows
valuable in establishing, monitoring, or re-enforcing a security posture?
In what ways?
TIA,
Joe
6 matches
Mail list logo
