North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ICMP Attacks???????
On Fri, Aug 22, 1997 at 02:42:42PM -0700, Joe Rhett wrote: > > > I don't think that's a good idea. The vast majority of routers that > > > I sell to customers are not used in Internet applications, and to add > > > another configuration step to enable the router to do what routers > > > traditionally do by default would be very confusing to the end user. > > > You're saying that Corporate America *relies* on being able to to > > IP source address spoofing through the routers it builds its commercial > > private networks with? > > <sigh> No, I believe he's saying that corporate america comes in two > flavors. > > 1) that isn't terribly clueful, and don't know how their packets route > (scary how often you see this .. RIP-based networks that "just work") > > 2) Multi-path, decentralized network administration. So any given router > will not be aware of all paths in the topology, and may route packets > that it doesn't know how to return. Deliberately. > > Trust me, you don't know how your peer routes their traffic. Neither does > sales know how the engineering department does in some cases. Or the > backbone group knows all, and the department routers know nothing. So far, so good. > In any case, this logic used for this would have to be very complex. > ..which would cause complex problems. I prefer simple manual editing. No, not really. > Actually, on the End-Of-Branch routers you could implement functions which > say not to route anything coming through a given interface unless it is > from that network. But this won't work on most branch router > configurations. This was what I originally proposed, in the posting from which this thread descended. Did everyone miss it? Cheers, -- jra -- Jay R. Ashworth [email protected] Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592