[nsp-sec] creative lying
Alfredo Sola
alfredo at solucionesdinamicas.net
Tue Sep 2 13:48:01 EDT 2008
> thing works at all because so few people use/deploy/maintain BCP-38
> compliance. This was an eye-opener for me.
> http://www.caida.org/workshops/wide/0808/slides/measuring_reverse_paths.pdf
I've been wondering for years, what is so complicated about not letting
spoofed packets out of CPE routers? Even at an aggregation level my
experience is that it creates no issues at all, and it does eliminate a
source of potential (but all too often very real) trouble. Plus, it's
not anything even remotely complicated to deploy; in Cisco-land, it's
one sentence per interface - easily added to a template (such as Team
Cymru's excellent reference secure templates, which do have it).
Perhaps this one is for -discuss.
--
Alfredo Sola
ASP5-RIPE
http://alfredo.sola.es/
More information about the nsp-security
mailing list