Good points, but there perhaps should be a third -- altering the routing/forwarding tables as part of a security mechanism such as blackholes, sinkhole attractors, and the effect of blackholes on uRPF.--- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
I need to think some more about exactly where it would go and what would be in it, but my initial reaction is that there needs to be a section on "routing". I'd move blackholes/sinkholes out of filtering, as well as uRPF, and add the issues of routing protocol security, sanity checks on routing (correlation with routing registries, prefix limits, etc.), and information-gathering from such things as flaps and generic changes-from-baseline of routing protocol specifics.
I agree with Howard that "routing" should be a major
heading, but I think that it has two major categories:
source validation, and information validation.