By the way, Bruce Schneier just writes about a very similar topic:
http://www.schneier.com/crypto-gram-1011.html#2
Cheers
Seegras
--
"Those who give up essential liberties for temporary safety deserve
neither liberty nor safety." -- Benjamin Franklin
"It's also true that those who would give up
Thanks Jeroen,
Should add the standards references to the slides.
Roque
On Mon, Nov 15, 2010 at 1:16 PM, Jeroen Massar wrote:
> On 2010-11-15 13:05, Oliver Schad wrote:
>> Am Monday 15 November 2010 schrieb mir Roque Gagliano:
>>> I believe Tim has a point in this comment, we already analyze it
On 15 Nov 2010, at 10:27, Viktor Steinmann wrote:
> Wouldn't that do it?
>
> !
> route-map bar deny 10
> match invalid
Hi,
Works *only* if you had a direct adjacency with the network being spoofed. If
your upstream sends you a /22, and a spoofed /24, you can drop the spoofed /24,
but as soo
Am Monday 15 November 2010 schrieb mir Jeroen Massar:
> On 2010-11-15 13:05, Oliver Schad wrote:
> > Am Monday 15 November 2010 schrieb mir Roque Gagliano:
> >> I believe Tim has a point in this comment, we already analyze it
> >> positively internally to add that capability.
> >
> > Does somebody
On 2010-11-15 13:05, Oliver Schad wrote:
> Am Monday 15 November 2010 schrieb mir Roque Gagliano:
>> I believe Tim has a point in this comment, we already analyze it
>> positively internally to add that capability.
>
> Does somebody at cisco try to build a standard from that filtering stuff
> mab
Am Monday 15 November 2010 schrieb mir Roque Gagliano:
> I believe Tim has a point in this comment, we already analyze it
> positively internally to add that capability.
Does somebody at cisco try to build a standard from that filtering stuff
mabye together with other player on the market or do w
On 2010-11-15 12:53, Fredy Kuenzler wrote:
[..]
> Why should we change a generally good working system just because some
> network rookies don't know better? Fix the problem by the source, don't
> circumvent it.
Because you can't trust remote networks?
RPSL would have fixed the PakistaniYoutube i
On 15.11.2010 12:53 Fredy Kuenzler wrote
> Why should we change a generally good working system just because some
> network rookies don't know better? Fix the problem by the source, don't
> circumvent it.
>
Because times are changing? I grew up in Internet _without_ firewalls.
You perhaps would
Am 15.11.2010 12:39, schrieb Roque Gagliano:
I believe Tim has a point in this comment, we already analyze it
positively internally to add that capability.
When all of these starts rolling-out, you would have a huge percentage of
"not-found", that is why you would not want to deny those. There y
Hi Viktor,
I believe Tim has a point in this comment, we already analyze it
positively internally to add that capability.
When all of these starts rolling-out, you would have a huge percentage
of "not-found", that is why you would not want to deny those. There
you can see the importance of genera
Wouldn't that do it?
!
route-map bar deny 10
match invalid
!
Cheers,
Viktor
On 15.11.2010 11:06, tim wrote:
Hi all,
About the talk "BGP Origin ASN Validation" from Roque Gagliano at SwiNOG
#21 I talked afterwards with him with the following remark:
Roque showed a route-map like this one:
ro
Hi all,
About the talk "BGP Origin ASN Validation" from Roque Gagliano at SwiNOG
#21 I talked afterwards with him with the following remark:
Roque showed a route-map like this one:
route-map foo seq 10
match invalid
set local-preference 50
!
route-map foo seq 20
match incomplete
set local-
12 matches
Mail list logo