On Thu, 11 Sep 2008, Jo Rhett wrote:
[Pekka:]
Loose mode URPF is [..] (IMHO) pretty much a waste of time and is confusing
the discussion about real spoofing protection. The added protection
compared to ACLs that drop private and possibly bogons is not that big and
it causes transient losses when the routing tables are changing.

I disagree. But I will say that if everyone would apply strict mode or ACLs
to their end point interfaces, this would likely make most of the loose mode
irrelevant.

FWIW, based on off-list discussion, Jo's disagreement seems to stem
from a misunderstanding of how loose uRPF works (he didn't know it
accepts any packet that has a route in the routing table).
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
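
The three checks compared in this thread, as an added example that is not part of the original message: a toy model of strict uRPF, loose uRPF and a private/bogon ACL run against the same packets. The FIB, interface names (`cust0`, `peer0`), the drop list and the function names are constructed for illustration, and the model assumes a single best path and no default route.

```python
import ipaddress

# Constructed FIB: prefix -> egress interface (RFC 5737 documentation prefixes).
FIB = {
    "192.0.2.0/24": "cust0",      # customer attached on cust0
    "198.51.100.0/24": "peer0",   # learned from a peer
}
# Constructed drop list standing in for an ACL that drops private/bogon sources.
BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def lookup(fib, src):
    """Longest-prefix match; returns the interface, or None if no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict_urpf(fib, src, ingress):
    """Pass only if the route back to src points out the ingress interface."""
    return lookup(fib, src) == ingress

def loose_urpf(fib, src, ingress):
    """Pass if any route to src exists, whatever interface it points to."""
    return lookup(fib, src) is not None

def bogon_acl(src):
    """Pass unless src falls inside a listed private/bogon prefix."""
    addr = ipaddress.ip_address(src)
    return not any(addr in ipaddress.ip_network(b) for b in BOGONS)

def verdicts(fib, src, ingress):
    """True means the packet is accepted by that check."""
    return {"strict": strict_urpf(fib, src, ingress),
            "loose": loose_urpf(fib, src, ingress),
            "acl": bogon_acl(src)}

if __name__ == "__main__":
    # Arriving on cust0: legitimate, spoofed-but-routed, private source.
    for src in ("192.0.2.10", "198.51.100.7", "10.1.2.3"):
        print(src, verdicts(FIB, src, "cust0"))
    # Route withdrawn during convergence: loose mode drops genuine traffic.
    withdrawn = {"192.0.2.0/24": "cust0"}
    print("route gone:", verdicts(withdrawn, "198.51.100.7", "peer0"))
```

The second packet (a routed source arriving on the wrong interface) is the case where only strict mode rejects, and the last line shows the transient loss when a route is temporarily missing.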