North American Network Operators Group

Re: New router feature - icmp error source-interface [was: icmprpf]

  • From: Mark Smith
  • Date: Mon Sep 25 17:24:08 2006

On Mon, 25 Sep 2006 09:22:34 -0400
"Patrick W. Gilmore" <[email protected]> wrote:

> 
> On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
> 
> > ICMP packets will, by design, originate from the incoming interface  
> > used by the packet that triggers the ICMP packet. Thus giving an  
> > interface an address is implicitly giving that interface the  
> > ability to source packets with that address to potentially anywhere  
> > in the Internet. If you don't legitimately announce address space  
> > then sourcing packets with addresses in that space is (one  
> > definition of) spoofing.
> 
> Who thinks it would be a "good idea" to have a knob such that ICMP  
> error messages are always sourced from a certain IP address on a router?
> 

I do.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"