On Mon, 18 Aug 2008, Danny McPherson wrote:
All the interesting attacks today that employ spoofing (and the
majority of the less-interesting ones that employ spoofing) are
usually relying on existence of the source as part of the attack
vector (e.g., DNS cache poisoning, BGP TCP RST attacks,
DNS
On Tue, 19 Aug 2008, Kevin Loch wrote:
While you're at it, you also placed the reachable-via rx on
all your customer interfaces. If you're paranoid, start with the 'any'
rpf and then move to the strict rpf. The strict rpf also helps with
routing loops.
Be careful not to enable strict
I'd like to talk to someone about a problem with some prefixes no longer
working through your network. Please contact off list (email best)
ThanksChuck
Charles L. Mills
Senior Network Engineer
Access Data Corporation / Pittsburgh, PA 15238
Cmills at accessdc dot com
This e-mail me
On Aug 20, 2008, at 7:00 AM, Kevin Loch wrote:
It doesn't look like the feasible paths rpf handles the situation
where
your bgp customer is not announcing all or any of their prefixes to
you.
This can be done for TE or debugging an inbound routing
issue. Announcing prefixes to me and then bl
A very old one:)
http://atm.tut.fi/list-archive/ipng/msg00163.html
Miya
> -Original Message-
> From: Sam Stickland [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2008 10:32 PM
> To: Randy Bush
> Cc: nanog list
> Subject: Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum
>
Randy Bush wrote:
and consider matsuzaki-san's dos vulnerability on a /64 p2p link. the
prudent operational advice today is to use a /127.
randy
Can you provide some more information on this vulnerability? My
google-fu appears to be weak.
Sam
On 20 aug 2008, at 21:33, Crist Clark wrote:
No, that's my point. On a true point-to-point link, there is
only one other address on the link. That's what point-to-point
means.
For example, on the IPv4 ends gif(4) tunnel in my previous message,
gif0: flags=8051 metric 0 mtu 1280
tun
7 matches
Mail list logo
