Re: BCP 38 addendum (was: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Barry Raveendran Greene
Hi Todd, What you are describing is uRPF VRF mode. This was phase 3 of the uRPF work. Russ White and I worked on it while at Cisco. Given that you are setting up prefix filters with your peers, you can add to the peering agreement that you will only accept packets whose source addresses

Re: BCP 38 addendum (was: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Mike Hammett
https://en.wikipedia.org/wiki/Reverse_path_forwarding#Loose_mode towards transit.
https://en.wikipedia.org/wiki/Reverse_path_forwarding#Strict_mode towards customers.
Peers... *shrugs*.

- Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

BCP 38 addendum (was: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Todd Crane
Question: Since we cannot count on everyone to follow BCP 38 or investigate their abuse@, I was thinking about the feasibility of using filtering to prevent spoofing from peers’ networks. With the exception of a few edge cases, would it be possible to filter inbound traffic allowing only