[11919] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Fri Aug 22 18:22:19 1997
Date: Fri, 22 Aug 1997 18:09:21 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: Joe Rhett <jrhett@ISite.Net>
Cc: woods@weird.com, nanog@merit.edu
In-Reply-To: <199708222142.OAA26551@narc.noc.isite.net>; from Joe Rhett <jrhett@ISite.Net> on Fri, Aug 22, 1997 at 02:42:42PM -0700
On Fri, Aug 22, 1997 at 02:42:42PM -0700, Joe Rhett wrote:
> > > I don't think that's a good idea. The vast majority of routers that
> > > I sell to customers are not used in Internet applications, and to add
> > > another configuration step to enable the router to do what routers
> > > traditionally do by default would be very confusing to the end user.
>
> > You're saying that Corporate America *relies* on being able to to
> > IP source address spoofing through the routers it builds its commercial
> > private networks with?
>
> <sigh> No, I believe he's saying that corporate america comes in two
> flavors.
>
> 1) that isn't terribly clueful, and don't know how their packets route
> (scary how often you see this .. RIP-based networks that "just work")
>
> 2) Multi-path, decentralized network administration. So any given router
> will not be aware of all paths in the topology, and may route packets
> that it doesn't know how to return. Deliberately.
>
> Trust me, you don't know how your peer routes their traffic. Neither does
> sales know how the engineering department does in some cases. Or the
> backbone group knows all, and the department routers know nothing.
So far, so good.
> In any case, this logic used for this would have to be very complex.
> ..which would cause complex problems. I prefer simple manual editing.
No, not really.
> Actually, on the End-Of-Branch routers you could implement functions which
> say not to route anything coming through a given interface unless it is
> from that network. But this won't work on most branch router
> configurations.
This was what I originally proposed, in the posting from which this
thread descended. Did everyone miss it?
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
