Blocking spoofing at the source (was: ICMP Attacks??)
Joe Rhett
jrhett at ISite.Net
Sat Aug 23 00:01:07 UTC 1997
> > This won't work on anything with multiple diverse paths. And I don't know
> > many companies with their own WANs that don't have such.
> This rule could be made to work only on links that aren't doing any dynamic
> routing protocols, which makes it useful for things like dialup servers.
> Since it becomes next to impossible to filter at the core router level, I
> think the proper place to do this is at the edge of the network (dialup
> servers, static-routed links back to customers), rather than the center.
You're assuming that all non-Internet networks have cores. Very untrue.
--
Joe Rhett Systems Engineer
JRhett at ISite.Net ISite Services
PGP keys and contact information: http://www.navigist.com/Staff/JRhett
More information about the NANOG
mailing list