Re: [Full-Disclosure] Odd packet?

Valdis.Kletnieks_at_vt.edu
Date: 05/26/04

    To: Jeff Kell <jeff-kell@utc.edu>
    Date: Wed, 26 May 2004 13:44:16 -0400
    
    
    

    On Wed, 26 May 2004 13:16:52 EDT, you said:
    > Well, when you're cranking gigabits sometimes those little checks can
    > become a bottleneck.

    Especially on older Cisco gear. However, it's been a few years since
    their stuff wasn't able to do at least basic filtering at line speed (and Juniper
    has always been good at line-rate stuff). I haven't heard if the newly
    announced Ciscos are able to do filtering on their OC768 interfaces at
    line rate...

    > Besides, safe routing begins at home. If end-users (or endpoints) would
    > do ingress/egress filtering, there wouldn't be a problem. I'm not so
    > certain we should place the blame on the core backbone for passing the
    > packets it is sent without alteration.

    Everybody agrees that it's painful to do it in the core, simply because URPF
    doesn't work well with the asymmetric routing that BGP sometimes
    hands you - and the alternative isn't pretty when the default-free zone is
    sitting at some 110K routes... ;)

    On the other hand, not doing URPF or equivalent at the ISP's edge router to a
    single-homed customer is pretty lame. Considering that some 30% of the traffic
    that arrives at the root nameservers has source addresses in RFC1918 space,
    there's a LOT of broken NAT configs that are spewing and a LOT of broken ISPs
    that aren't doing bogon filtering....

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
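
Added example, not part of the original message: a small Python model of the source-address checks discussed above, showing why a strict reverse-path check is safe at a single-homed customer edge but drops legitimate traffic under asymmetric routing. The interface names, routing tables and addresses are constructed for illustration (documentation prefixes from RFC 5737), and the bogon list is reduced to the RFC 1918 ranges.

```python
import ipaddress

# Constructed minimal bogon list: only the RFC 1918 private ranges.
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def fib_from(entries):
    """Build a toy forwarding table: list of (network, outgoing interface)."""
    return [(ipaddress.ip_network(n), ifc) for n, ifc in entries]

def best_route(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    matches = [(net, ifc) for net, ifc in fib if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def check_source(fib, src, in_iface, strict=True):
    """Return 'pass' or a drop reason for a packet's source address."""
    addr = ipaddress.ip_address(src)
    if any(addr in b for b in BOGONS):
        return "drop: bogon source"
    route = best_route(fib, addr)
    if route is None:
        return "drop: no route to source"
    # Strict mode: the best path back to the source must use the
    # interface the packet arrived on. Loose mode only needs a route.
    if strict and route[1] != in_iface:
        return "drop: strict reverse-path (best path via %s)" % route[1]
    return "pass"

# Hypothetical ISP edge router facing one single-homed customer.
EDGE_FIB = fib_from([("192.0.2.0/24", "cust0"), ("0.0.0.0/0", "upstream0")])
# Hypothetical default-free core router; the same prefix is reachable via
# two peers, but only the best path (peerA) is installed in the table.
CORE_FIB = fib_from([("198.51.100.0/24", "peerA"), ("203.0.113.0/24", "peerB")])

def demo():
    return [
        check_source(EDGE_FIB, "192.0.2.10", "cust0"),      # customer's own space
        check_source(EDGE_FIB, "203.0.113.5", "cust0"),     # source not the customer's
        check_source(EDGE_FIB, "10.1.2.3", "cust0"),        # leaked from a broken NAT
        check_source(CORE_FIB, "198.51.100.7", "peerB"),    # legitimate, asymmetric path
        check_source(CORE_FIB, "198.51.100.7", "peerB", strict=False),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```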


