3 Dec
2013
3 Dec
'13
1:04 p.m.
On Tue, Dec 03, 2013 at 01:04:03PM +0100, Alessandro Brega wrote:
Setup firewall (iptables) rules so that only traffic with a destination of my own IP space is accepted from other IXP participant. Drop any other traffic from IXP participants.
Hi. Implementing BCP38 on your outgoing interfaces, where you allow only ip packets with source ip address from your address allocation should prevent that and also protect others from spoofing attacks from your own network. on the down side you'd have to process their traffic on the router or even route it through your internal network if your upstream is somewhere else but I don't think they would be pointing their static route at you for long if you drop the packets in the end. cheers mk