Re: Another question on rfc1918

• From: Randy Bush
• Date: Fri Nov 23 18:55:57 2007

aloha michael,

i realize that good practice many not be general practice, but ...

lsr is encouraged at routers bordering with bgp peers for debugging
purposes, i.e. so that A may learn B's routing towards C without
calling/writing/bothering B's engineers.

but lsr really should be blocked at hosts, e.g.

    # grep lsr /etc/ipfw.rules
    add deny log all from any to any ipoptions ssrr,lsrr,rr

i am not aware of a similar common use case for ssr.

randy

• References:
  • General question on rfc1918 Drew Weaver
  • Another question on rfc1918 Michael Painter

• Prev by Date: Re: Another question on rfc1918
• Next by Date: Re: BOTNET reference involving oscilloscope
• Date Index
• Thread Index
• Author Index
• Historical