Hello Leland,
Yes we do see the same behavior!
regards,
Rob Vercouteren
Yes it is, but the problem is that our servers are "attacking" the so called
source address. All the answers are going back to the "source". It is huge
amplification attacks. (some sort of smurf if you want)
The ip addresses are spoofed (We did a capture and saw all different ttl's so
coming fro
Since it is spoofed traffic we block the "source", so not participating in
flooding the real ip address.
The real issue is verify unicast reverse path not being implemented. So that
the ip addresses cannot be spoofed!
(unless we are dealing with some major unknown vurlnerabilities in our
infrast
3 matches
Mail list logo
