[23797] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Apr 23 19:48:54 1999
Date: Fri, 23 Apr 1999 16:44:46 -0700 (PDT)
From: Randy Bush <randy@psg.com>
To: Andrew Brown <atatat@atatdot.net>
Cc: John Leong <johnleong@research.bell-labs.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
> on a router that's not doing filtering, it's going to be a small hit.
> i'm going to infer, however, that any router that's not doing
> filtering is probably not doing much traffic. and any router that is
> doing a lot of traffic, is already doing filtering. so it's less of a
> hit.
huh? for packet filtering, which is what we've been discussing, my
experience is quite the opposite. one can't really afford packet
filters on routers with oc12s. and in a multi-path universe, filtering
for source address spoofing is best done at the edges anyway.
randy
