New router feature - icmp error source-interface [was: icmp rpf]

• Previous message (by thread): New router feature - icmp error source-interface [was: icmp rpf]
• Next message (by thread): New router feature - icmp error source-interface [was: icmp rpf]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 25, 2006 at 09:22:34AM -0400, Patrick W. Gilmore wrote:
...
> Who thinks it would be a "good idea" to have a knob such that ICMP  
> error messages are always source from a certain IP address on a router?
...


I've sometimes thought it would be useful when I wanted to hide a route.
But security via obscurity just makes it that much harder to fix
something.  Many more times than this would have been useful, I've been
able to identify at which router a problem was by a 'traceroute' that
told me into which router by which interface I was going.  When the
owner of the router might not even have known.  Or I have had attempts
to do this foiled by routers that used an internal loopback IP address.
On the whole, then, I guess I would vote, "no".


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.

• Previous message (by thread): New router feature - icmp error source-interface [was: icmp rpf]
• Next message (by thread): New router feature - icmp error source-interface [was: icmp rpf]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]