28 Mar
2012
28 Mar
'12
1:07 p.m.
On Wed, Mar 28, 2012 at 12:50, David Conrad <drc@virtualized.org> wrote:
I would be surprised if this were true.
I'd argue that today, the vast majority of devices on the Internet (and certainly the ones that are used in massive D(D)oS attacks) are found hanging off singly-homed networks.
Yes, but RPF can be implemented in places other than the customer edge. In those places, lack of widespread, easy, and vendor-supported feasible-path uRPF is what I believe really hurts things. Granted, this is along a different line than what the OP was talking about, but in terms of answering the question of "why don't we see ingress filtering as much as we should?", I think it's a large factor. -- Darius Jahandarie