Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Jeff Kell
On 2/14/2014 9:07 PM, Paul Ferguson wrote:
> Indeed -- I'm not in the business of bit-shipping these days, so I
> can't endorse or advocate any particular method of blocking spoofed IP
> packets in your gear.

If you're dead-end, a basic ACL that permits ONLY your prefixes on egress, and blocks you

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Paul Ferguson
On 2/14/2014 4:09 PM, Joe Provo wrote:
> On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote:
> [snip]
>> Taken to the logical extreme, the "right thing" to do is to deny
>> any spoofed traffic from abusing these services altogether. NTP

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Paul Ferguson
On 2/14/2014 3:00 PM, Larry Sheldon wrote:
> On 2/14/2014 12:42 PM, Paul Ferguson wrote:
>> Taken to the logical extreme, the "right thing" to do is to deny
>> any spoofed traffic from abusing these services altogether.
>
> Since the 1990s I have a

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Joe Provo
On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote:
[snip]
> Taken to the logical extreme, the "right thing" to do is to deny any
> spoofed traffic from abusing these services altogether. NTP is not the
> only one; there is also SNMP, DNS, etc.

...and then we're back to "implement BCP3

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Larry Sheldon
On 2/14/2014 12:42 PM, Paul Ferguson wrote:
> Taken to the logical extreme, the "right thing" to do is to deny any
> spoofed traffic from abusing these services altogether.

Since the 1990s I have argued (ineffectively, it turns out) a case that says that sentence can be edited down to good advanta