13 Oct 2004, 2:09 p.m.
i've never seen a dns attack that didn't have 50% or more packets coming from spoofed sources, though due to loose-mode uRPF, most spoofed sources in the last year or so have been from addresses for which a route exists. -- Paul Vixie
reiterating a sometimes heretical idea... are you referring to things like 172.17.0.0/16 where only a couple hundred of those numbers have real services, e.g. all the services are in 172.17.22.0/24 and the spoofed addresses are in 172.17.128.0/17 space? or... why do people insist on injecting routes to non-existent things? a route table entry is a route table entry, regardless of the scope. --bill
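The scenario in this exchange, as an added example that is not part of the original messages: a simplified model of a loose-mode uRPF check, run against the announced 172.17.0.0/16 aggregate and against only the 172.17.22.0/24 block that holds the services. The function names and sample source addresses are constructed, and the model assumes a default route does not satisfy the check.

```python
import ipaddress

def loose_urpf_pass(src, routes):
    """Loose-mode uRPF, simplified: accept a packet if ANY route in the
    table covers its source address, whatever interface it arrived on.
    Assumption: a default route (prefix length 0) does not count."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in routes if net.prefixlen > 0)

def accepted_sources(sources, prefixes):
    """Return the source addresses that survive the loose-mode check."""
    routes = [ipaddress.ip_network(p) for p in prefixes]
    return [s for s in sources if loose_urpf_pass(s, routes)]

def unused_but_accepted(sources, prefixes, in_use):
    """Sources that pass the check although they fall outside the
    address space that actually has hosts behind it."""
    used = [ipaddress.ip_network(p) for p in in_use]
    return [s for s in accepted_sources(sources, prefixes)
            if not any(ipaddress.ip_address(s) in n for n in used)]

# Prefixes from the message above.
AGGREGATE = ["172.17.0.0/16"]   # route injected for the whole block
SPECIFIC = ["172.17.22.0/24"]   # only the space with real services

# Constructed sample source addresses (not from any capture).
SOURCES = [
    "172.17.22.10",    # inside the populated /24
    "172.17.130.7",    # inside 172.17.128.0/17, nothing lives there
    "172.17.200.99",   # inside 172.17.128.0/17, nothing lives there
    "10.9.9.9",        # no covering route in either table
]

if __name__ == "__main__":
    for name, table in (("aggregate", AGGREGATE), ("specific", SPECIFIC)):
        print(name, "accepts:", accepted_sources(SOURCES, table))
        print(name, "unused but accepted:",
              unused_but_accepted(SOURCES, table, SPECIFIC))
```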