|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: If you have nothing to hide
> Validation of routing policy to ensure others aren't abusing you (pointing > default, for example). As for orders of magnitude, once an IP option is > in a packet, the damage is essentially done, otherwise looking up the > path to an address in the options is no more impactive than looking up the > address in the original destination field. Well, no. Not really. First off, following the 80/20 rule (or in this case 99.x/(100-99.x) rule) says that hardware implementations which get optioned packets punt them to software. This is at every hop. Second, the IP source route is a stack of IP addresses, which must be modified at every hop. This implies not just software forwarding, but also significantly more work than an IP lookup. eric > source-routing only has security > implications to those with defenses which permit traffic through some type > of backdoor. The backdoor has more security implications than the > source-routing, since it may be compromised in other manners.
|