North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Who does source address validation? (was Re: what's that smell?)
[email protected] wrote: That's not terribly hard to overcome - allow icmp unreachables (from any source) in your acl, then deny all traffic from RFC 1918 addresses, then the rest of the ACL. Combined with CAR (or CatOS QoS rate limiting) on icmp's, you end up with all the functionality, and almost none of the bogus traffic.
|