nanog mailing list archives
Re: no ip forged-source-address
From: <bdragon () gweep net>
Date: Mon, 4 Nov 2002 16:21:17 -0500 (EST)
On Wed, Oct 30, 2002 at 03:44:12PM +0000, variable () ednet co uk wrote:Therefore, would it be a reasonable suggestion to ask router vendors to source address filtering in as an option[1] on the interface and then move it to being the default setting[2] after a period of time?Cannot be done, I certainly doesn't want RPF check to be default enabled on all interfaces on my routers, think for a second about asymmetric routing WITHIN the ISP network. /Jesper
in cisco parlance, ip verify unicast source reachable-via any allow-default allow-self-ping would be fine in the core, and as a default setting. Would still need to enable strict settings on applicable borders, which would probably be skipped by the clue impaired, but some of the crap would be caught, which is better than none.
Current thread:
- Re: no ip forged-source-address Bob Martinez (Nov 03)
- <Possible follow-ups>
- Re: no ip forged-source-address bdragon (Nov 04)
- Re: no ip forged-source-address bdragon (Nov 04)
- Re: no ip forged-source-address bdragon (Nov 04)
- Where is the edge of the Internet? Re: no ip forged-source-address Sean Donelan (Nov 04)
- Re: Where is the edge of the Internet? Re: no ip forged-source-address bdragon (Nov 04)
- Re: Where is the edge of the Internet? Re: no ip forged-source-address Matt Buford (Nov 04)
- Re: Where is the edge of the Internet? Re: no ip forged-source-address Christopher L. Morrow (Nov 06)
- Re: Where is the edge of the Internet? Re: no ip forged-source-address bdragon (Nov 07)
- Where is the edge of the Internet? Re: no ip forged-source-address Sean Donelan (Nov 04)
- Re: Where is the edge of the Internet? Re: no ip forged-source-address alok (Nov 04)
- Re: Where is the edge of the Internet? Martin (Nov 04)
- Re: Where is the edge of the Internet? alok (Nov 04)