<div><div class="gmail_quote">On 28 March 2013 02:18, Merike Kaeo <span dir="ltr"><<a href="mailto:merike@doubleshotsecurity.com" target="_blank">merike@doubleshotsecurity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Since the Spamhouse/Cloudflare DDoS is now hitting news I figured I'd remind folks here that BCP38 (ingress filtering)<br>
<a href="http://tools.ietf.org/html/bcp38" target="_blank">http://tools.ietf.org/html/bcp38</a> is not just for IPv4.<br>
<br>
Check your routers for IPv4 and IPv6 uRPF configuration ability and enable it (after understanding difference between loose and strict uRPF modes) :)<br>
<br>
IP address spoofing is something that many have known are problematic but sadly it takes real attacks to make people wake up.<br>
<br>
Post mortem will determine whether any IPv6 traffic involved but there were IPv4 and IPv6 addresses listed on some pleas for overall filtering.<br>
<br>
Let the press mayhem begin.....I decided not to send a link to any one article since they all are fairly bad at the overall facts and some more sensationalistic than others. There will be talks at NANOGs and RIPEs and other operational forums that will tell the real deal. But note that spoofing is a very real problem and is by far the most prevalent reason that amplification attacks are realized.<br>
<span><font color="#888888"><br>
- merike</font></span></blockquote></div><br></div><div>To throw a small data point out there, I have had several server/VPS providers who all (but one) performed filtering on v4, but nearly all forgot it with v6 (some have since done it).<div>
<br clear="all"><div>- Mike</div></div></div><div><br></div>