The ISP-Lists.com Email Discussion List Community

RE: Application Note: Securing BGP on Juniper Routers
] By the way, what are your ideas on unicast RPF? I hear it's now also
] available on Juniper.

I definitely like it and it has great applications in certain
environments.  It would also be nice if they added the reachable via-any
knob, but that may come in time.  It makes for easier administration of
anti-spoofing in a lot of cases.  URPF for all non-transit links with
symmetric traffic flows would be a great start.

] The thing that's really unfortunate is that the large networks don't force
] their peers to do this. It's fairly trivial to set up something that
] catches some spoofed stuff (for instance, 192.168/16 sources) and tells
] you from which peer it came. Then you can tell them to get their act
] together or you'll depeer. If the tier-1 networks start to do this,
] spoofing will come to an end in our lifetimes.

Since this is a ($) business, I don't think depeering will happen any
time soon due to traffic spoofing as this would likely cause a very
significant loss of revenue/peering/etc...  There are likely also
contractual obligations to consider in many cases.  Some form of a
penalty built into an agreement would definitely be nice, or even
discounts/bonuses for those that do follow anti-spoofing guidelines.
The incentive is just not there for this to take place on both sides,
and the smaller folks are often the ones to feel the pain.

] As long as we're talking about anti-(D)DoS measures, tell me what you 
] think of http://www.bgpexpert.com/antidos.php

#1 is commonly used though it effectively does the attacker's job for
him, unless there is other infrastructure that is adversely affected as
a result.  Some have combined this with the use of backscatter tracing
to track the actual source of the attack though I don't see any mention
of this in the URL.  
#2 Should be used more, but it is a bit more difficult for transit
links.  This is relatively new in JUNOS and I've not yet taken the
opportunity to add it to the templates.
#3 This one makes very little sense.  It seems quite vague with little
operational detail and isn't very practical. 

Cheers,
-- steve
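
The uRPF behaviour discussed in this message, as an added example that is not part of the original post or of any vendor's code: a strict check (source must be reachable via the receiving interface) beside a loose "reachable via any" check, with drops counted per ingress interface. The FIB, interface names and packets are constructed, and the FIB deliberately holds no default route.

```python
import ipaddress
from collections import Counter

# Constructed FIB of (prefix, interface the best route points at).
# No default route, so loose mode fails any source without a covering prefix.
FIB = [(ipaddress.ip_network(p), ifc) for p, ifc in [
    ("198.51.100.0/24", "peer-a"),
    ("203.0.113.0/24", "peer-b"),
    ("203.0.113.128/25", "peer-a"),  # more specific learned via the other peer
]]

def best_route(src):
    """Longest-prefix match of src against the FIB; None if nothing covers it."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in FIB if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf(src, in_ifc, mode):
    """Return True if the packet passes the reverse-path check.

    strict: the best route back to src must point out of in_ifc.
    loose:  any route back to src is enough ("reachable via any").
    """
    route = best_route(src)
    if route is None:
        return False
    return mode == "loose" or route[1] == in_ifc

def drops_by_interface(packets, mode):
    """Count failed checks per ingress interface, i.e. which peer sent them."""
    return Counter(ifc for src, ifc in packets if not urpf(src, ifc, mode))

# Constructed packets: (source address, ingress interface).
PACKETS = [
    ("198.51.100.7", "peer-a"),   # symmetric path: passes both modes
    ("203.0.113.5", "peer-b"),    # symmetric path: passes both modes
    ("203.0.113.200", "peer-b"),  # asymmetric: best route is via peer-a
    ("192.168.4.9", "peer-b"),    # unrouted private source: fails both modes
    ("192.168.77.1", "peer-b"),   # unrouted private source: fails both modes
]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, dict(drops_by_interface(PACKETS, mode)))
```

The asymmetric packet is why strict mode fits links with symmetric traffic flows, while loose mode still catches the unrouted 192.168/16 sources and attributes them to the peer interface they arrived on.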
