nanog mailing list archives
Re: New router feature - icmp error source-interface [was: icmp rpf]
From: Mark Smith <nanog () fa1c52f96c54f7450e1ffb215f29991e nosense org>
Date: Tue, 26 Sep 2006 06:52:16 +0930
On Mon, 25 Sep 2006 09:22:34 -0400 "Patrick W. Gilmore" <patrick () ianai net> wrote:
> On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
>> ICMP packets will, by design, originate from the incoming interface used by the packet that triggers the ICMP packet. Thus giving an interface an address is implicitly giving that interface the ability to source packets with that address to potentially anywhere in the Internet. If you don't legitimately announce address space then sourcing packets with addresses in that space is (one definition of) spoofing.
>
> Who thinks it would be a "good idea" to have a knob such that ICMP error messages are always sourced from a certain IP address on a router?
I do.

--
"Sheep are slow and tasty, and therefore must remain constantly alert."
- Bruce Schneier, "Beyond Fear"