North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Blocking spoofing at the source (was: ICMP Attacks??)

  • From: Joe Rhett
  • Date: Fri Aug 22 20:20:11 1997

> > This won't work on anything with multiple diverse paths. And I don't know
> > many companies with their own WANs that don't have such.
> This rule could be made to work only on links that aren't doing any dynamic
> routing protocols, which makes it useful for things like dialup servers.
> Since it becomes next to impossible to filter at the core router level, I 
> think the proper place to do this is at the edge of the network (dialup 
> servers, static-routed links back to customers), rather than the center.
You're assuming that all non-Internet networks have cores. Very untrue.

Joe Rhett                                                 Systems Engineer
[email protected]                                          ISite Services

PGP keys and contact information: