nanog mailing list archives
Re: address spoofing
From: sthaug () nethelp no
Date: Sat, 24 Apr 1999 01:30:20 +0200
Furthermore, whether the RFC [1918] says so or not, I'm going to block these packets at *my* border routers, because:Curious as to the cost (added latency) in doing RFC 1918 source address filtering on all packets in the context of cost-benfit analysis.
Well, we added filtering of spoofed source addresses (ie. our own) at our border routers quite a while ago. Adding filters for the RFC 1918 source addresses was a complete no-brainer - three more lines in a filter that already had around 15 lines. *No* visible (to us) increased processor load or latency. (I'm sure it can be measured - but in our case it's completely lost in the noise.) Steinar Haug, Nethelp consulting, sthaug () nethelp no
Current thread:
- Re: address spoofing, (continued)
- Re: address spoofing Forrest W. Christian (Apr 23)
- Re: address spoofing Andrew Brown (Apr 23)
- Re: address spoofing Forrest W. Christian (Apr 23)
- Re: address spoofing sthaug (Apr 23)
- Re: address spoofing John Leong (Apr 23)
- Re: address spoofing Daniel Senie (Apr 23)
- Re: address spoofing bmanning (Apr 23)
- Re: address spoofing Andrew Brown (Apr 23)
- Re: address spoofing Randy Bush (Apr 23)
- Re: address spoofing Dan Hollis (Apr 23)
- Re: address spoofing sthaug (Apr 23)
- Re: address spoofing Greg A. Woods (Apr 23)
- Re: address spoofing Phil Howard (Apr 22)
- Re: address spoofing Greg A. Woods (Apr 23)
- Re: address spoofing Phillip Vandry (Apr 23)
- Re: address spoofing Greg A. Woods (Apr 23)
- Re: address spoofing Phil Howard (Apr 23)
- Re: address spoofing Bryan Bradsby (Apr 23)
- Re: address spoofing Phil Howard (Apr 23)
- Re: address spoofing Andrew Brown (Apr 23)