Re: Working vulnerability? (Cisco exploit)
I'd estimate than less than a tenth of a percent (that's 0.1%) of edge paths use RPF, even though BCP38 states the case clearly and the technology makes it easy
"Makes it easy" if you live in an Internet with a number of routes significantly less than the limit imposed for having stable RPF enabled on your devices, or have devices without bugs in RPF checking when said limit is spotted vaguely across the horizon.
since those are two very common beliefs about BCP38 deployment, i'm going to leave it to barry to repost his standard answers to them, once he's gotten some sleep.
I dont seem to be in either of those places. (Although I have not sacrificed a router in the last upgrade version or two to see if things have improved.)
please do, and please post your results, as an example to others.
participants (1)
-
Paul Vixie