North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Blocking spoofing at the source (was: ICMP Attacks??)
> > This won't work on anything with multiple diverse paths. And I don't know > > many companies with their own WANs that don't have such. > This rule could be made to work only on links that aren't doing any dynamic > routing protocols, which makes it useful for things like dialup servers. > Since it becomes next to impossible to filter at the core router level, I > think the proper place to do this is at the edge of the network (dialup > servers, static-routed links back to customers), rather than the center. You're assuming that all non-Internet networks have cores. Very untrue. -- Joe Rhett Systems Engineer [email protected] ISite Services PGP keys and contact information: http://www.navigist.com/Staff/JRhett
|