[23794] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Andrew Brown)
Fri Apr 23 19:32:58 1999
Date: Fri, 23 Apr 1999 19:29:21 -0400
From: Andrew Brown <twofsonet@graffiti.com>
To: John Leong <johnleong@research.bell-labs.com>
Cc: nanog@merit.edu
Reply-To: Andrew Brown <atatat@atatdot.net>
In-Reply-To: <3720FF12.D2174BDD@research.bell-labs.com>; from John Leong on Fri, Apr 23, 1999 at 04:15:30PM -0700
Errors-To: owner-nanog-outgoing@merit.edu
>> Furthermore, whether the RFC [1918] says so or not, I'm going to block
>> these packets at *my* border routers, because:
>
>Curious as to the cost (added latency) in doing RFC 1918 source address
>filtering on all packets in the context of cost-benfit analysis.
on a router that's not doing filtering, it's going to be a small hit.
i'm going to infer, however, that any router that's not doing
filtering is probably not doing much traffic. and any router that is
doing a lot of traffic, is already doing filtering. so it's less of a
hit.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
