[11921] in North American Network Operators' Group
Re: Blocking spoofing at the source (was: ICMP Attacks??)
daemon@ATHENA.MIT.EDU (Joe Rhett)
Fri Aug 22 19:59:36 1997
In-Reply-To: <199708222218.SAA04541@foobar.terra.net> from Eric Osborne at "Aug 22, 97 06:18:34 pm"
To: nanog@merit.edu
Date: Fri, 22 Aug 1997 17:01:07 -0700 (PDT)
From: Joe Rhett <jrhett@ISite.Net>
> > This won't work on anything with multiple diverse paths. And I don't know
> > many companies with their own WANs that don't have such.
> This rule could be made to work only on links that aren't doing any dynamic
> routing protocols, which makes it useful for things like dialup servers.
> Since it becomes next to impossible to filter at the core router level, I
> think the proper place to do this is at the edge of the network (dialup
> servers, static-routed links back to customers), rather than the center.
You're assuming that all non-Internet networks have cores. Very untrue.
--
Joe Rhett Systems Engineer
JRhett@ISite.Net ISite Services
PGP keys and contact information: http://www.navigist.com/Staff/JRhett
