nanog mailing list archives
Re: ICMP Attacks???????
From: Joe Rhett <jrhett () ISite Net>
Date: Fri, 22 Aug 1997 14:42:42 -0700 (PDT)
I don't think that's a good idea. The vast majority of routers that I sell to customers are not used in Internet applications, and to add another configuration step to enable the router to do what routers traditionally do by default would be very confusing to the end user.
You're saying that Corporate America *relies* on being able to to IP source address spoofing through the routers it builds its commercial private networks with?
<sigh> No, I believe he's saying that corporate america comes in two flavors. 1) that isn't terribly clueful, and don't know how their packets route (scary how often you see this .. RIP-based networks that "just work") 2) Multi-path, decentralized network administration. So any given router will not be aware of all paths in the topology, and may route packets that it doesn't know how to return. Deliberately. Trust me, you don't know how your peer routes their traffic. Neither does sales know how the engineering department does in some cases. Or the backbone group knows all, and the department routers know nothing. In any case, this logic used for this would have to be very complex. ..which would cause complex problems. I prefer simple manual editing. Actually, on the End-Of-Branch routers you could implement functions which say not to route anything coming through a given interface unless it is from that network. But this won't work on most branch router configurations. It's simply not that simple. -- Joe Rhett Systems Engineer JRhett () ISite Net ISite Services PGP keys and contact information: http://www.navigist.com/Staff/JRhett
Current thread:
- RE: ICMP Attacks???????, (continued)
- RE: ICMP Attacks??????? Erik E. Fair (Aug 21)
- Re: ICMP Attacks??????? Jon Green (Aug 21)
- Re: ICMP Attacks??????? Paul Ferguson (Aug 21)
- Re: ICMP Attacks??????? Jon Green (Aug 21)
- Message not available
- Re: ICMP Attacks??????? Jay R. Ashworth (Aug 21)
- RE: ICMP Attacks??????? Erik E. Fair (Aug 21)
- Message not available
- Re: ICMP Attacks??????? Jay R. Ashworth (Aug 21)
- Re: ICMP Attacks??????? Jon Green (Aug 21)
- Re: ICMP Attacks??????? Greg A. Woods (Aug 21)
- Re: ICMP Attacks??????? Jon Green (Aug 22)
- Re: ICMP Attacks??????? Greg A. Woods (Aug 22)
- Re: ICMP Attacks??????? Joe Rhett (Aug 22)
- Message not available
- Re: ICMP Attacks??????? Jay R. Ashworth (Aug 22)
- Re: ICMP Attacks??????? Josh Beck (Aug 21)
- Blocking spoofing at the source (was: ICMP Attacks??) Joe Rhett (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Josh Beck (Aug 22)
- Message not available
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Jay R. Ashworth (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Robert Sanders (Aug 29)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Phil Howard (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Robert Sanders (Aug 29)
- Re: ICMP Attacks??????? Peter E. Giza (Aug 21)
- Re: ICMP Attacks??????? Jon Lewis (Aug 21)