[92544] in North American Network Operators' Group
Re: New router feature - icmp error source-interface [was: icmp rpf]
daemon@ATHENA.MIT.EDU (Joe Maimon)
Mon Sep 25 11:40:16 2006
Date: Mon, 25 Sep 2006 11:39:01 -0400
From: Joe Maimon <jmaimon@ttec.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
In-Reply-To: <2A0E638F-631E-447F-A916-1219C78A68B9@ianai.net>
Errors-To: owner-nanog@merit.edu
Patrick W. Gilmore wrote:
>
> On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
>
>> ICMP packets will, by design, originate from the incoming interface
>> used by the packet that triggers the ICMP packet. Thus giving an
>> interface an address is implicitly giving that interface the ability
>> to source packets with that address to potentially anywhere in the
>> Internet. If you don't legitimately announce address space then
>> sourcing packets with addresses in that space is (one definition of)
>> spoofing.
>
> Who thinks it would be a "good idea" to have a knob such that ICMP
> error messages are always sourced from a certain IP address on a router?
I do. I have suggested much the same in the past.
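The mechanism Ian Mason describes above, worked through as an added example that is not code from this thread or from any router vendor: a router builds an ICMP Time Exceeded in reply to a probe, sources it either from the ingress interface address (today's default) or from a fixed address (the proposed knob), and a downstream network with a filter that only accepts sources inside announced prefixes decides whether to keep it. The interface names, addresses and announced prefixes are constructed for the example; the "fixed_source" parameter stands in for the knob Patrick asks about, and the ingress filter is a simplified stand-in for the RPF-style check the subject line refers to.

```python
"""Added example for the NANOG thread: ICMP error source selection and why an
unannounced interface address looks like a spoofed source downstream.
All interface names, addresses and prefixes below are constructed."""
import ipaddress
import struct
from typing import Optional, Tuple

# Constructed router: one loopback and two links. ge-0/0/1 is numbered from
# private space that is never announced to the Internet.
ROUTER_IFACES = {
    "lo0": "192.0.2.1",          # announced loopback
    "ge-0/0/0": "198.51.100.1",  # announced link address
    "ge-0/0/1": "10.9.8.1",      # unannounced private link address
}
# Prefixes this operator announces (constructed).
ANNOUNCED = [ipaddress.ip_network("192.0.2.0/24"),
             ipaddress.ip_network("198.51.100.0/24")]


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a correctly checksummed buffer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (IHL 5, no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def icmp_error_source(ingress_iface: str, fixed_source: Optional[str] = None) -> str:
    """Default: the error is sourced from the ingress interface address.
    With the proposed knob (fixed_source set), that address is used instead."""
    return fixed_source if fixed_source else ROUTER_IFACES[ingress_iface]


def build_time_exceeded(error_src: str, offending: bytes) -> bytes:
    """ICMP Time Exceeded (type 11, code 0) back to the offending packet's source,
    quoting its IP header plus the first 8 bytes of its payload (RFC 792)."""
    ihl = (offending[0] & 0x0F) * 4
    quoted = offending[:ihl + 8]
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    victim = str(ipaddress.ip_address(offending[12:16]))
    return build_ipv4(error_src, victim, 1, icmp)


def passes_ingress_filter(packet: bytes, announced=ANNOUNCED) -> bool:
    """Simplified downstream filter: keep the packet only if its source lies
    inside a prefix the sending operator announces (stand-in for an RPF-style check)."""
    src = ipaddress.ip_address(packet[12:16])
    return any(src in net for net in announced)


def demo(ingress_iface: str, knob: Optional[str] = None) -> Tuple[str, bool]:
    """Probe with TTL 1 arrives on ingress_iface; return (error source, survives filter)."""
    # Constructed traceroute-style probe: 203.0.113.7 -> 192.0.2.50, UDP, TTL 1.
    probe = build_ipv4("203.0.113.7", "192.0.2.50", 17,
                       b"\x82\x35\x82\x9b\x00\x08\x00\x00", ttl=1)
    err = build_time_exceeded(icmp_error_source(ingress_iface, knob), probe)
    return str(ipaddress.ip_address(err[12:16])), passes_ingress_filter(err)


if __name__ == "__main__":
    for iface, knob in (("ge-0/0/0", None), ("ge-0/0/1", None), ("ge-0/0/1", "192.0.2.1")):
        src, ok = demo(iface, knob)
        print(f"ingress={iface:9s} knob={knob!s:12s} error_src={src:13s} "
              f"{'accepted' if ok else 'DROPPED as unannounced source'}")
```

Run as-is, the probe that arrives on the privately numbered link yields an error sourced from 10.9.8.1, which the downstream filter discards, so the traceroute hop simply goes dark; the same probe with the knob pointing at the loopback yields an error that survives the filter.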