[c-nsp] CSCuy29638 - MPLS (for IPv4) Brokenness Fixed - ASR920

Saku Ytti saku at ytti.fi
Fri Aug 5 13:05:16 EDT 2016


On 5 August 2016 at 18:49, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> Unless the IP address of your NTP servers are known to an attacker,
>> in that case the packet can simply be spoofed.
>
>
> If you're not doing uRPF and ingress filtering of your own netblocks, you've
> got bigger problems IMO

Fully agreed, it's implied prerequisite when ever you're doing filtering.

-- 
  ++ytti


More information about the cisco-nsp mailing list