|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: address spoofing
> > Furthermore, whether the RFC [1918] says so or not, I'm going to block > > these packets at *my* border routers, because: > > Curious as to the cost (added latency) in doing RFC 1918 source address > filtering on all packets in the context of cost-benfit analysis. Well, we added filtering of spoofed source addresses (ie. our own) at our border routers quite a while ago. Adding filters for the RFC 1918 source addresses was a complete no-brainer - three more lines in a filter that already had around 15 lines. *No* visible (to us) increased processor load or latency. (I'm sure it can be measured - but in our case it's completely lost in the noise.) Steinar Haug, Nethelp consulting, [email protected]
|