[c-nsp] DNS amplification

Gert Doering gert at greenie.muc.de
Sun Mar 17 07:42:57 EDT 2013


Hi,

On Sun, Mar 17, 2013 at 11:04:47AM +0000, Dobbins, Roland wrote:
> On Mar 17, 2013, at 5:38 PM, Gert Doering wrote:
> 
> > uRPF helps everybody else 
> 
> It helps you yourself, as well - spoofed traffic is by definition
> garbage.  It consumes aggregation link capacity, core capacity; it
> affects peering ratios and paid transit traffic tallies; it clouds
> the data horizon and makes traceback of undesirable network traffic
> impossible.

To play the devil's advocate - if I bill my customers by the GByte on
their port, I don't mind if it's spoofed or not... "traffic is traffic,
they pay for it, I transport it"...

But you're certainly right, I just want to point out why people might
not care, even if it's eating up their bandwidth.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130317/971539c4/attachment.sig>


More information about the cisco-nsp mailing list