[92565] in North American Network Operators' Group


Re: New router feature - icmp error source-interface [was: icmp rpf]

daemon@ATHENA.MIT.EDU (Joseph S D Yao)
Mon Sep 25 22:12:29 2006

Date: Mon, 25 Sep 2006 22:12:37 -0400
From: Joseph S D Yao <jsdy@center.osis.gov>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
Mail-Followup-To: "Patrick W. Gilmore" <patrick@ianai.net>, nanog@merit.edu
In-Reply-To: <2A0E638F-631E-447F-A916-1219C78A68B9@ianai.net>
Errors-To: owner-nanog@merit.edu


On Mon, Sep 25, 2006 at 09:22:34AM -0400, Patrick W. Gilmore wrote:
...
> Who thinks it would be a "good idea" to have a knob such that ICMP
> error messages are always sourced from a certain IP address on a router?
...


I've sometimes thought it would be useful when I wanted to hide a route.
But security via obscurity just makes it that much harder to fix
something.  Many more times than this would have been useful, I've been
able to identify at which router a problem was by a 'traceroute' that
told me into which router by which interface I was going.  When the
owner of the router might not even have known.  Or I have had attempts
to do this foiled by routers that used an internal loopback IP address.
On the whole, then, I guess I would vote, "no".


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
