[53093] in North American Network Operators' Group


RE: no ip forged-source-address

daemon@ATHENA.MIT.EDU (Daniel Senie)
Wed Oct 30 17:01:41 2002

Date: Wed, 30 Oct 2002 16:42:32 -0500
To: <nanog@nanog.org>
From: Daniel Senie <dts@senie.com>
In-Reply-To: <078c01c28039$db8171e0$4b194104@eagleswings>
Errors-To: owner-nanog-outgoing@merit.edu


At 12:29 PM 10/30/2002, Tony Hain wrote:

>To reiterate the comment I made during the session yesterday, the places
>where strict rpf will be most effective are at the very edge interfaces
>without explicit management (SOHO). This also tends to be the place
>where there is insufficient clue to turn it on.

This is also an area where NAT boxes are prevalent. One would HOPE the NAT 
boxes would take care of rejecting bogus source addresses since they do 
have to do translation on whatever comes in. So encouraging NAT boxes in 
the SOHO world is perhaps not so bad...

For the SOHO cases without NAT boxes, cable, dsl and dialup from a single 
computer, it would make a great deal of sense for the ISP to take care of 
this issue (in the cable head-end router, DSLAM, or NAS).
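
The strict RPF check discussed in this message, sketched as an added example that is not part of the original post or of any router's implementation: a packet is accepted only if the best route back to its source address points out the interface it arrived on. The route table, interface names (cust1, cust2, uplink0) and addresses are constructed for illustration.

```python
import ipaddress

# Constructed FIB for a hypothetical ISP access router: (prefix, interface).
# Prefixes are documentation ranges; interface names are made up.
FIB = [
    ("0.0.0.0/0", "uplink0"),
    ("198.51.100.0/24", "uplink0"),
    ("203.0.113.8/29", "cust1"),    # routed block behind subscriber 1
    ("203.0.113.16/32", "cust2"),   # single-host DSL/dialup subscriber
]
ROUTES = [(ipaddress.ip_network(p), ifname) for p, ifname in FIB]


def best_route(addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifname) for net, ifname in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def strict_rpf_accept(src, ingress_if):
    """Strict RPF: the best route to src must point out ingress_if."""
    route = best_route(src)
    return route is not None and route[1] == ingress_if


def filter_packets(packets):
    """packets: iterable of (ingress_if, src). Returns (accepted, dropped)."""
    accepted, dropped = [], []
    for pkt in packets:
        ingress_if, src = pkt
        (accepted if strict_rpf_accept(src, ingress_if) else dropped).append(pkt)
    return accepted, dropped


# Constructed sample traffic arriving on subscriber-facing interfaces.
SAMPLE = [
    ("cust1", "203.0.113.9"),    # source inside subscriber 1's block
    ("cust1", "198.51.100.7"),   # forged: best route points to uplink0
    ("cust2", "203.0.113.16"),   # subscriber 2's own address
    ("cust2", "203.0.113.9"),    # forged: another subscriber's address
    ("cust2", "10.1.2.3"),       # only the default route matches (uplink0)
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print("accepted:", ok)
    print("dropped: ", bad)
```

On uplink0 the same check accepts any source that falls under the default route, so it only constrains traffic on the subscriber-facing interfaces.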


