On Mon, 8 Sep 2003 bdragon@gweep.net wrote:
keep in mind it's not destination addresses that are the problem here, BUT if it was, on an experiment (not a very smart one) we routed 0/1 to a lab system inside 701 once in 2001 (as I recall, so before nimda/code-red/blaster) and received +600kpps of garbage traffic as a result. Trying to acl/analyze/deal-with that flow was almost impossible... I'm not sure what you want to do with it today when our 'sinkhole' network is consistently handling +20kpps (5x previous) MORE of random garbage than 3 weeks ago, before blaster/nachi started to cause more pain :(
Just think, if you used loose uRPF, you wouldn't need to carry that traffic to your sinkhole network, even you win.
Don't confuse the source and destination. This traffic is packets with an unused DESTINATION address. Loose uRPF has *NO* effect on the destination address. Which is greater in a typical backbone? Traffic with a bogon source, or traffic with a bogon destination entering the backbone?