ICMP Attacks???????

Joe Rhett jrhett at ISite.Net
Fri Aug 22 21:42:42 UTC 1997

> > I don't think that's a good idea.  The vast majority of routers that
> > I sell to customers are not used in Internet applications, and to add
> > another configuration step to enable the router to do what routers
> > traditionally do by default would be very confusing to the end user.
> You're saying that Corporate America *relies* on being able to do
> IP source address spoofing through the routers it builds its commercial
> private networks with?
<sigh> No, I believe he's saying that corporate america comes in two

1) that isn't terribly clueful, and doesn't know how their packets route
(scary how often you see this .. RIP-based networks that "just work")

2) Multi-path, decentralized network administration. So any given router
will not be aware of all paths in the topology, and may route packets
that it doesn't know how to return. Deliberately.

Trust me, you don't know how your peer routes their traffic. Neither does
sales know how the engineering department does in some cases. Or the
backbone group knows all, and the department routers know nothing.

In any case, the logic used for this would have to be very complex.
..which would cause complex problems. I prefer simple manual editing.

Actually, on the End-Of-Branch routers you could implement functions which
say not to route anything coming through a given interface unless it is
from that network. But this won't work on most branch router

It's simply not that simple.

Joe Rhett                                                 Systems Engineer
JRhett at ISite.Net                                          ISite Services

PGP keys and contact information:     http://www.navigist.com/Staff/JRhett
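
The interface-based source check described in the message above, as an added example that is not part of the original post: a small Python model in which the filter works on an end-of-branch router and drops legitimate traffic on a branch router whose administrator did not know about a second path. Interface names, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

def build_filter(allowed):
    """Map interface name -> networks accepted as packet sources on it."""
    return {ifname: [ipaddress.ip_network(n) for n in nets]
            for ifname, nets in allowed.items()}

def permit(filt, ifname, src):
    """Forward only if src belongs to a network configured behind ifname.
    Interfaces with no entry (e.g. the uplink) are left unfiltered."""
    nets = filt.get(ifname)
    if nets is None:
        return True
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)

def audit(filt, packets):
    """Return (interface, source, forwarded?) for each constructed packet."""
    return [(i, s, permit(filt, i, s)) for i, s in packets]

# Constructed topology, documentation address ranges only.
# End-of-branch router: exactly one LAN sits behind eth0.
EDGE = build_filter({"eth0": ["192.0.2.0/24"]})
EDGE_PACKETS = [
    ("eth0", "192.0.2.10"),     # real LAN host
    ("eth0", "203.0.113.7"),    # source not on the LAN: spoofed or misrouted
    ("uplink", "203.0.113.7"),  # arrives from outside, unfiltered here
]

# Branch router: its administrator lists only the network known to be
# behind serial0, but another department also routes 192.0.2.0/24 through it.
BRANCH = build_filter({"serial0": ["198.51.100.0/24"]})
BRANCH_PACKETS = [
    ("serial0", "198.51.100.20"),  # known network
    ("serial0", "192.0.2.10"),     # legitimate, but path unknown locally
]

if __name__ == "__main__":
    for name, filt, pkts in (("edge", EDGE, EDGE_PACKETS),
                             ("branch", BRANCH, BRANCH_PACKETS)):
        for ifname, src, ok in audit(filt, pkts):
            print(f"{name:6} {ifname:8} {src:15} {'forward' if ok else 'drop'}")
```

The last branch packet is the failure case: the filter is correct for the topology its administrator knows and still drops valid traffic.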
