[23792] in North American Network Operators' Group


Re: address spoofing

daemon@ATHENA.MIT.EDU (Daniel Senie)
Fri Apr 23 19:25:49 1999

Date: Fri, 23 Apr 1999 19:24:25 -0400
From: Daniel Senie <dts@senie.com>
To: John Leong <johnleong@research.bell-labs.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


John Leong wrote:
> 
> > Furthermore, whether the RFC [1918] says so or not, I'm going to block
> > these packets at *my* border routers, because:
> 
> Curious as to the cost (added latency) in doing RFC 1918 source address
> filtering on all packets in the context of cost-benefit analysis.

The cost is dependent on the quality of the filtering implementation of
your routers. It's quite possible to implement source address filtering
as a part of ASIC-assisted routing, resulting in wire-speed filtering.
Whether any given vendor has or has not implemented their equipment to
allow wire speed filtering is something you might want to ask salesmen.

As it's something which network providers should be doing, it's a
capability that should be demanded of the hardware vendors.

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts@senie.com
Amaranth Networks Inc.            http://www.amaranthnetworks.com

