address spoofing

Randy Bush randy at
Fri Apr 23 23:44:46 UTC 1999

> on a router that's not doing filtering, it's going to be a small hit.
> i'm going to infer, however, that any router that's not doing
> filtering is probably not doing much traffic.  and any router that is
> doing a lot of traffic, is already doing filtering.  so it's less of a
> hit.

huh?  for packet filtering, which is what we've been discussing, my
experience is quite the opposite.  one can't really afford packet
filters on routers with oc12s.  and in a multi-path universe, filtering
for source address spoofing is best done at the edges anyway.


More information about the NANOG mailing list