On 24/01/2009, at 9:57 AM, Mark Andrews wrote:
You you don't also have blessed silence on the counters
on this rule there is still a problem and you should be
complaining to whoever is sending the packets to you.
This just stops the amplification it doesn't clear up the
problem.
Not every operator out there gives a damn. Getting the entire planet
to implement ingress filtering is an admirable goal, but much like
every other 'recommendation' out there, there are huge chunks of the
internet that won't ever implement it out of ignorance and we'll be
stuck with spoofed traffic.
Conversation I had with one of the guys in our networking team:
"So, we're not under attack? We're just reflecting a small amount of
traffic back to a victim?"
"correct, it is negligible load for us"
"Ok, it's not severity 1 then, none of our customers are affected and
its not affecting us. I'll look at it when I get time."
Which means, of course, never.
Nathan.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users