Blocking spoofing at the source (was: ICMP Attacks??)

Joe Rhett jrhett at ISite.Net
Sat Aug 23 00:01:07 UTC 1997

> > This won't work on anything with multiple diverse paths. And I don't know
> > many companies with their own WANs that don't have such.
> This rule could be made to work only on links that aren't doing any dynamic
> routing protocols, which makes it useful for things like dialup servers.
> Since it becomes next to impossible to filter at the core router level, I 
> think the proper place to do this is at the edge of the network (dialup 
> servers, static-routed links back to customers), rather than the center.
You're assuming that all non-Internet networks have cores. Very untrue.

Joe Rhett                                                 Systems Engineer
JRhett at ISite.Net                                          ISite Services

PGP keys and contact information:

More information about the NANOG mailing list