no ip forged-source-address

Daniel Senie dts at senie.com
Wed Oct 30 21:42:32 UTC 2002


At 12:29 PM 10/30/2002, Tony Hain wrote:

>To reiterate the comment I made during the session yesterday, the places
>where strict rpf will be most effective are at the very edge interfaces
>without explicit management (SOHO). This also tends to be the place
>where there is insufficient clue to turn it on.

This is also an area where NAT boxes are prevalent. One would HOPE the NAT 
boxes would take care of rejecting bogus source addresses since they do 
have to do translation on whatever comes in. So encouraging NAT boxes in 
the SOHO world is perhaps not so bad...

For the SOHO cases without NAT boxes, cable, DSL and dialup from a single 
computer, it would make a great deal of sense for the ISP to take care of 
this issue (in the cable head-end router, DSLAM, or NAS).




