New router feature - icmp error source-interface [was: icmp rpf]
Joe Maimon
jmaimon at ttec.com
Mon Sep 25 15:39:01 UTC 2006
Patrick W. Gilmore wrote:
>
> On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
>
>> ICMP packets will, by design, originate from the incoming interface
>> used by the packet that triggers the ICMP packet. Thus giving an
>> interface an address is implicitly giving that interface the ability
>> to source packets with that address to potentially anywhere in the
>> Internet. If you don't legitimately announce address space then
>> sourcing packets with addresses in that space is (one definition of)
>> spoofing.
>
>
> Who thinks it would be a "good idea" to have a knob such that ICMP
> error messages are always sourced from a certain IP address on a router?
I do. I have suggested much the same in the past.