North American Network Operators Group


Re: New router feature - icmp error source-interface [was: icmp rpf]

  • From: Joe Maimon
  • Date: Mon Sep 25 11:41:20 2006


Patrick W. Gilmore wrote:

On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:

ICMP packets will, by design, originate from the incoming interface used by the packet that triggers the ICMP packet. Thus giving an interface an address is implicitly giving that interface the ability to source packets with that address to potentially anywhere in the Internet. If you don't legitimately announce address space, then sourcing packets with addresses in that space is (one definition of) spoofing.

Who thinks it would be a "good idea" to have a knob such that ICMP error messages are always sourced from a certain IP address on a router?

I do. I have suggested much the same in the past.