On 28 March 2013 02:18, Merike Kaeo <[email protected]> wrote:
> Since the Spamhaus/Cloudflare DDoS is now hitting news I figured I'd
> remind folks here that BCP38 (ingress filtering)
> http://tools.ietf.org/html/bcp38 is not just for IPv4.
>
> Check your routers for IPv4 and IPv6 uRPF configuration ability and enable
> it (after understanding difference between loose and strict uRPF modes) :)
>
> IP address spoofing is something that many have known is problematic but
> sadly it takes real attacks to make people wake up.
>
> Post mortem will determine whether any IPv6 traffic involved but there
> were IPv4 and IPv6 addresses listed on some pleas for overall filtering.
>
> Let the press mayhem begin..... I decided not to send a link to any one
> article since they all are fairly bad at the overall facts and some more
> sensationalistic than others. There will be talks at NANOGs and RIPEs and
> other operational forums that will tell the real deal. But note that
> spoofing is a very real problem and is by far the most prevalent reason
> that amplification attacks are realized.
>
> - merike

To throw a small data point out there, I have had several server/VPS providers who all (but one) performed filtering on v4, but nearly all forgot it with v6 (some have since done it).

- Mike
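The strict versus loose uRPF distinction mentioned in the thread, as an added example that is not part of either message: a simplified Python model of the source-address check, applied to IPv4 and IPv6 alike. The routing table, interface names and the `lookup` and `urpf_permit` functions are assumptions constructed for illustration; real routers also consider ECMP paths and vendor-specific options.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: (prefix, best-path interface).
# Documentation prefixes only (RFC 5737 / RFC 3849).
FIB = [
    ("198.51.100.0/24", "cust0"),    # customer IPv4 block
    ("2001:db8:100::/48", "cust0"),  # customer IPv6 block
    ("203.0.113.0/24", "peer1"),     # multihomed site, best path via peer1
    ("0.0.0.0/0", "upstream0"),      # IPv4 default route (no IPv6 default)
]
ROUTES = [(ipaddress.ip_network(p), ifname) for p, ifname in FIB]


def lookup(src):
    """Longest-prefix match on the SOURCE address; (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [(n, i) for n, i in ROUTES if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)


def urpf_permit(src, in_if, mode, allow_default=False):
    """Return True if a packet from src arriving on in_if passes the uRPF check."""
    if mode not in ("strict", "loose"):
        raise ValueError(f"unknown uRPF mode: {mode}")
    route = lookup(src)
    if route is None:
        return False                 # no route back to the source: drop
    net, best_if = route
    if net.prefixlen == 0 and not allow_default:
        return False                 # a default route alone proves nothing
    if mode == "loose":
        return True                  # any route to the source is enough
    return best_if == in_if          # strict: must arrive on the return path


if __name__ == "__main__":
    cases = [  # (source, arrival interface, what the case represents)
        ("198.51.100.10", "cust0", "customer using its own IPv4 block"),
        ("2001:db8:100::1", "cust0", "customer using its own IPv6 block"),
        ("192.0.2.53", "cust0", "customer spoofing a third party"),
        ("2001:db8:ffff::1", "cust0", "customer spoofing unrouted IPv6"),
        ("198.51.100.10", "upstream0", "customer block seen from upstream"),
        ("203.0.113.7", "cust0", "multihomed site, asymmetric path"),
    ]
    for src, in_if, note in cases:
        s = urpf_permit(src, in_if, "strict")
        l = urpf_permit(src, in_if, "loose")
        print(f"{src:18} on {in_if:10} strict={s!s:5} loose={l!s:5} {note}")
```

The asymmetric-path case is the reason to understand both modes before enabling either: strict mode drops legitimate traffic from a multihomed site, while loose mode accepts any source that is routable at all.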
