North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: 69/8...this sucks -- Centralizing filtering..
On Tue, 11 Mar 2003, Peter Galbavy wrote: > > If all routes in the routing table are good (which soBGP and S-BGP can > > do for you) and routers filter based on the contents of the routing > > table, hosts will not see any bogon packets except locally generated > > ones so they shouldn't have bogon filters of their own. > I believe you are confusing authentication with authorisation. I don't think I am. > Having authentic routes does not imply that all the traffic will be > 'correct'. Various networks will always fail to filter customer traffic at > ingress etc. and then source address spoofing becomes trivial. I don't see your point. Packets with bogon sources are just one class of spoofed packets. As I've explained earlier S-BGP or soBGP with uRPF will get rid of bogons. Neither this or bogon filters on the host will do anything against non-bogon spoofed packets.