From owner-freebsd-current@FreeBSD.ORG  Mon Mar  8 08:21:20 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9029616A4CE
	for <current@freebsd.org>; Mon,  8 Mar 2004 08:21:20 -0800 (PST)
Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 396D743D1D
	for <current@freebsd.org>; Mon,  8 Mar 2004 08:21:20 -0800 (PST)
	(envelope-from barney@pit.databus.com)
Received: from pit.databus.com (localhost [127.0.0.1])
	by pit.databus.com (8.12.11/8.12.11) with ESMTP id i28GLJhV039741
	for <current@freebsd.org>; Mon, 8 Mar 2004 11:21:19 -0500 (EST)
	(envelope-from barney@pit.databus.com)
Received: (from barney@localhost)
	by pit.databus.com (8.12.11/8.12.11/Submit) id i28GLJXZ039740
	for current@freebsd.org; Mon, 8 Mar 2004 11:21:19 -0500 (EST)
	(envelope-from barney)
Date: Mon, 8 Mar 2004 11:21:19 -0500
From: Barney Wolff <barney@databus.com>
To: current@freebsd.org
Message-ID: <20040308162119.GA39373@pit.databus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
X-Scanned-By: MIMEDefang 2.39
Subject: [hrlinneweh@sbcglobal.net: Re: Source address validation (was Re:
	UUNet Offer New Protection Against DDoS)]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2004 16:21:20 -0000

The following may be of some interest, given the recent laudable effort
to add urpf to fbsd.  I'll note that anyone with does want default to
validate any source address can always add 0/1 and 128/1 instead of
default to achieve the same effect.

----- Forwarded message from Henry Linneweh <hrlinneweh@sbcglobal.net> -----

Delivered-To: nanog@merit.edu
Date: Mon, 8 Mar 2004 07:09:50 -0800 (PST)
From: Henry Linneweh <hrlinneweh@sbcglobal.net>
Subject: Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
To: nanog-post@rsuc.gweep.net, nanog@merit.edu

Here is some insight on this issue 

What is Unicast Reverse Path Forwarding (uRPF)? Can a default route 0.0.0.0/0 be used to perform a uRPF check? 

http://www.cisco.com/warp/public/105/44.html#Q18

-Henry

----- End forwarded message -----

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.