[nsp-sec] Revisiting the DDOS Route Server project
John Fraizer
john at op-sec.us
Fri Aug 14 13:37:58 EDT 2009
On Thu, Aug 13, 2009 at 7:59 AM, Florian Weimer <fweimer at bfk.de> wrote:
> ----------- nsp-security Confidential --------
>
> At that point, the source address becomes meaningless anyway and you
> can use spoofed packets to control bots. 8-/
>
>
Strict-mode uRPF on customer-facing interfaces will kill the spoofed
packets.
Loose-mode uRPF "non-customer" interfaces will kill traffic from null-routed
hosts.
John
More information about the nsp-security
mailing list