Usage of fd00::/8 on the Interwebz - something with filters and uRPF
Jeroen Massar
jeroen at massar.ch
Thu May 30 08:23:32 CEST 2013
On 2013-05-29 23:19, Eric Vyncke (evyncke) wrote:
> I do not mind too much getting packets with a ULA as source address;
> not perfect but I can live with those packets
Hmm, you say till the day you receive a 100G of spoofed packets... and
that is what they are as nobody is able to claim they "own" those prefixes.
> (BTW, my own
> residential firewall at home drops all packets whose source is not in
> 2000::/3 and it drops/logs a couple of ULA per week...).
Just showing that quite a few networks are not doing uRPF.
> But, being able to receive those packets with an invalid source, this
> is what really matters: no BCP 38 implemented between you and the
> ULA. BAD BAD...
Fully agree, hence why I raised this on the list as a great example why
people should check for BCP38 and also require that from their peers and
transits (bit trickier for those folks typically, but theoretically also
doable for variances of doable).
Greets,
Jeroen
More information about the ipv6-ops
mailing list