New router feature - icmp error source-interface [was: icmp rpf]

Joe Maimon jmaimon at ttec.com
Mon Sep 25 15:39:01 UTC 2006




Patrick W. Gilmore wrote:

> 
> On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
> 
>> ICMP packets will, by design, originate from the incoming interface
>> used by the packet that triggers the ICMP packet. Thus giving an
>> interface an address is implicitly giving that interface the ability
>> to source packets with that address to potentially anywhere in the
>> Internet. If you don't legitimately announce address space then
>> sourcing packets with addresses in that space is (one definition of)
>> spoofing.
> 
> 
> Who thinks it would be a "good idea" to have a knob such that ICMP
> error messages are always sourced from a certain IP address on a router?

I do. I have suggested much the same in the past.


