[c-nsp] CSCuy29638 - MPLS (for IPv4) Brokenness Fixed - ASR920
Saku Ytti
saku at ytti.fi
Fri Aug 5 13:05:16 EDT 2016
On 5 August 2016 at 18:49, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> Unless the IP address of your NTP servers are known to an attacker,
>> in that case the packet can simply be spoofed.
>
>
> If you're not doing uRPF and ingress filtering of your own netblocks, you've
> got bigger problems IMO
Fully agreed, it's implied prerequisite when ever you're doing filtering.
--
++ytti
More information about the cisco-nsp
mailing list