North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: no ip forged-source-address

  • From: Daniel Senie
  • Date: Wed Oct 30 17:03:43 2002

At 12:29 PM 10/30/2002, Tony Hain wrote:

To reiterate the comment I made during the session yesterday, the places
where strict rpf will be most effective are at the very edge interfaces
without explicit management (SOHO). This also tends to be the place
where there is insufficient clue to turn it on.
This is also an area where NAT boxes are prevalent. One would HOPE the NAT boxes would take care of rejecting bogus source addresses sinec they do have to do translation on whatever comes in. So encouraging NAT boxes in the SOHO world is perhaps not so bad...

For the SOHO cases without NAT boxes, cable, dsl and dialup from a single computer, it would make a great deal of sense for the ISP to take care of this issue (in the cable head-end router, DSLAM, or NAS).