[23795] in North American Network Operators' Group


Re: address spoofing

daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Fri Apr 23 19:39:11 1999

To: johnleong@research.bell-labs.com
Cc: forrestc@iMach.com, dts@senie.com, nanog@merit.edu
From: sthaug@nethelp.no
In-Reply-To: Your message of "Fri, 23 Apr 1999 16:15:30 -0700"
Date: Sat, 24 Apr 1999 01:30:20 +0200
Errors-To: owner-nanog-outgoing@merit.edu


> > Furthermore, whether the RFC [1918] says so or not, I'm going to block
> > these packets at *my* border routers, because:
> 
> Curious as to the cost (added latency) in doing RFC 1918 source address
> filtering on all packets in the context of cost-benefit analysis.

Well, we added filtering of spoofed source addresses (i.e. our own) at our
border routers quite a while ago. Adding filters for the RFC 1918 source
addresses was a complete no-brainer - three more lines in a filter that
already had around 15 lines. *No* visible (to us) increased processor
load or latency.

(I'm sure it can be measured - but in our case it's completely lost in
the noise.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
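
Added example, not part of the original message and not the poster's router configuration: a small Python model of the border ingress filter described above, with a deny rule for the operator's own prefix followed by the three RFC 1918 lines, evaluated first-match. The own prefix (198.51.100.0/24) and the sample source addresses are constructed assumptions.

```python
import ipaddress

# The three RFC 1918 private ranges: the "three more lines" of the filter.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Assumption: the operator's own block (a documentation prefix, constructed).
OWN_PREFIXES = ["198.51.100.0/24"]


def build_ingress_filter(own_prefixes):
    """Ordered (action, network, reason) rules for packets arriving from outside."""
    rules = [("deny", ipaddress.ip_network(p), "spoofed-own") for p in own_prefixes]
    rules += [("deny", ipaddress.ip_network(p), "rfc1918") for p in RFC1918]
    rules.append(("permit", ipaddress.ip_network("0.0.0.0/0"), "default"))
    return rules


def evaluate(rules, src):
    """First-match evaluation on the source address, as an access list does."""
    addr = ipaddress.ip_address(src)
    for action, net, reason in rules:
        if addr in net:
            return action, reason
    return "deny", "implicit"


def summarize(rules, sources):
    """Count how many source addresses hit each (action, reason) pair."""
    counts = {}
    for src in sources:
        key = evaluate(rules, src)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed source addresses, including the /12 and /16 boundary cases
# that are easy to get wrong when the ranges are typed by hand.
SAMPLE_SOURCES = [
    "203.0.113.7", "10.1.2.3", "172.16.0.1", "172.31.255.255",
    "172.32.0.1", "192.168.100.50", "192.169.0.1", "198.51.100.25",
]

if __name__ == "__main__":
    rules = build_ingress_filter(OWN_PREFIXES)
    for src in SAMPLE_SOURCES:
        print(src, *evaluate(rules, src))
```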

