Re: [spoofing-tf] Preparing for anti-spoofing project at $fooBig carrier

  • To: "Barry Greene \(bgreene\)" bgreene@localhost
  • From: Gert Doering gert@localhost
  • Date: Tue, 17 Oct 2006 13:35:30 +0200
  • Cc: Gert Doering gert@localhost, Martin Hannigan hannigan@localhost, spoofing-tf@localhost
  • Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=testkey; d=space.net; b=VaG8wAWd8ruMAyjDRSuH4jaAos+kNe9D31xsBg4Ji2TPSn9ce55pNsa9UOwiWoIj ;

Hi,

On Tue, Oct 17, 2006 at 03:53:29AM -0700, Barry Greene (bgreene) wrote:
> > Don't enable ingress filtering on backbone links with 
> > asymmetric traffic.
> > 
> > This is something for the customer edge.
> 
> You making "ingress filtering" = uRPF. uRPF is one of many techniques to
> do ingress filtering. It is one of many techniques to do BCP 38. 

Hmmm, indeed.

> Please do protect your network on the peering and multihoming edges. SPs
> get attacked. 

Well, we do (infrastructure ACLs, anti-spoofing ACLs), but we don't use
uRPF there.

So my wording could have been somewhat more clear.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  98999

SpaceNet AG                    Mail: netmaster@localhost
Joseph-Dollinger-Bogen 14      Tel : +49-89-32356-0
D- 80807 Muenchen              Fax : +49-89-32356-234