mailing list archives
Re: Is AS information useful for security?
From: Eric <eric () roxanne org>
Date: Thu, 15 Dec 2011 21:05:35 -0500
It's useful in terms of remediation as it can help identify through which "door" packets entered your network.
Though, as others will undoubtedly point out, it's trustworthiness will depend upon how you derive the AS mapping and
upon other security features (e.g. uRPF)
-- Eric :)
On Thu, 15 Dec 2011, Joe Loiacono wrote:
Is a good knowledge of either origin-AS, or next-AS with respect to flows
valuable in establishing, monitoring, or re-enforcing a security posture?
In what way?