Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] Spoof/RPF Numbers

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] Spoof/RPF Numbers


Chronological Thread 
  • From: Paul Howell <>
  • To: "" <>
  • Subject: Re: [Security-WG] Spoof/RPF Numbers
  • Date: Fri, 11 May 2018 10:55:41 +0000
  • Accept-language: en-US
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;
  • Ironport-phdr: 9a23:6ANt5hM/N7e3bSUBN2Al6mtUPXoX/o7sNwtQ0KIMzox0I/3+rarrMEGX3/hxlliBBdydt6ofzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlGiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhSkHKTA37X3XhMJzgq1VoRKuuxNwzpXOb42JMfpzZL/RcMkYSGdHQ81fVzZBAoS5b4YXFeQOJ/tYr43grFUMqhu/CxejBOfryjRVgXL2xa060+MvEA7Y2AwgG8kDsHXSrNXpKqgSS+a1w7fUzTnddf9Zxyry6JXRfx0nvPqCXqpwfNLPxUY1Cw/Jk1CdpZH4Mz+I0+kNvWeW4/Z8We+qiWMotQ58rziqy8oplIXFmoAYxkjF+Ch62oo4Ktm1RFRmbdOlDZdcrTyWO5V1T886TWFnpiU3xqEDtJO+YicHy4gryhDaZvGDcYWF7B3uWeOSLDp7n31oe7eyiA288US8zOD3S9O630xQriVfl9nBrnAN2ALX6siAUvZz5lus1zGT2wzN8+1JP0I7mbfCJ54m2bE/iIAfsUPeHi/qg0r2i7KWdkM59eSy8+TneLLmpoOCOIBolgH+M6MumsqlDeQ/LwgOQ2yb+eO71L3g50H2XLJKjvgunqnYtpDVO9gbq7anDwBPzoov9hOyAyq73NgFmHQHIl1IdA6bg4XsOVzBPv/1APe6jlmpjjtn2/LLMqXkAprXL3jDlLnhfax6605Z0Acz1dBf55VaC74fJPLzXlT8tN3eDh8lLQO02eDnB8th1o8AQ26AHLKWML7KvV+S+u0vO/WMZJMSuDvlMPgq+eLhjWIjmV8cYamo3YIbaX63Hvl9J0WZYGHsgssaEWsUpAY+TerqiEGcXj5JYXa9Qb486i8hBI24EIjDW9PlvLvUljy2FYBMZ3xXT0+DOXbua4ieXfoQMmSfLtIr2mgfWLO8UY49xFSxuyf7zaZqNOzZ5ndeuJ7+gotb/erWwCk76Dg8L8OC3mWJBzVsnmQXSjsy9KF5vUFnzFqfi+51j+EORo8b3O9ATgpvbc2U9Od9Ed2nAg8=
  • Spamdiagnosticoutput: 1:0

Hi Seth,

 

Thanks for the numbers.   Does the rate of drops/blocks happen more or less  consistently 24x7, or do you notice patterns?

 

Regards,

Paul

 

 

From: <> on behalf of "Garrett, Seth B" <>
Reply-To: "" <>
Date: Thursday, May 10, 2018 at 3:06 PM
To: "" <>
Subject: [Security-WG] Spoof/RPF Numbers

 

Some numbers I volunteered to get during the Internet2 Global Summit Security Working Group lunch.

 

1.       How often are Indiana University IPs spoofed to IU from external sources:

o    ​Over a 10 minute period we drop approximately 700 packets that have our own IP space spoofed as a source.

2.       Internet facing RPF drops as a security response:

o    ​This is our RTBH system combined with RPF to source block external offenders that are null routed

o    Over a 10 minute period it blocked 1,550,000 packets 

 

 

Seth Garrett
Principal Network Systems Engineer
Indiana University


Archive powered by MHonArc 2.6.19.

Top of Page