14 Jun
2015
14 Jun
'15
1:31 p.m.
packets with source 44 from the
internet are filtered because of that 44/8 routing rule some talked about.
It's also not true of the IPIP-only connected networks. The gateway at
UCSD only blackholes 44/8 packets from IPIP nets toward the internet, not
from it (as long as the IPIP destination is valid). This means, BGP nets
(and spoofed internet traffic) can send packets to IPIP nets though the
gateway just fine. It's the return path that is broken.
As a result, if you use TCP you can filter out most unwanted internet users
(until the gateway gets fixed). But similar to what Bryan said, this does
not give you any assurance that the traffic is from the direct actions of a
licensed amateur.
On Sun, Jun 14, 2015 at 10:07 AM, Marius Petrescu <marius(a)yo2loj.ro> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Ah, I forgot...
This of course doesn't hold true for BGP announced subnets, if both subnets
involved are BGP announced.