[j-nsp] DDoS to core interface - mitigation
Gert Doering
gert at greenie.muc.de
Fri Mar 9 06:21:32 EST 2018
Hi,
On Fri, Mar 09, 2018 at 10:52:51AM +0000, James Bensley wrote:
> In addition to the above, try to avoid use public IPs on internal
> links if you can, they don't need to be reachable from the Internet
> and it saves on IPv4 address space :)
If you do so, ensure that ICMPs sent from these routers get sent from
global IPv4 addresses - leaking RFC1918 space violates said RFC
(and filtering out those leads to "* * *" in traceroute which
sucks)
gert
--
now what should I write here...
Gert Doering - Munich, Germany gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20180309/ec12025e/attachment.sig>
More information about the juniper-nsp
mailing list