North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: ICMP Attacks???????
- From: Joe Rhett
- Date: Fri Aug 22 18:03:50 1997
> > I don't think that's a good idea. The vast majority of routers that
> > I sell to customers are not used in Internet applications, and to add
> > another configuration step to enable the router to do what routers
> > traditionally do by default would be very confusing to the end user.
> You're saying that Corporate America *relies* on being able to to
> IP source address spoofing through the routers it builds its commercial
> private networks with?
<sigh> No, I believe he's saying that corporate america comes in two
1) that isn't terribly clueful, and don't know how their packets route
(scary how often you see this .. RIP-based networks that "just work")
2) Multi-path, decentralized network administration. So any given router
will not be aware of all paths in the topology, and may route packets
that it doesn't know how to return. Deliberately.
Trust me, you don't know how your peer routes their traffic. Neither does
sales know how the engineering department does in some cases. Or the
backbone group knows all, and the department routers know nothing.
In any case, this logic used for this would have to be very complex.
..which would cause complex problems. I prefer simple manual editing.
Actually, on the End-Of-Branch routers you could implement functions which
say not to route anything coming through a given interface unless it is
from that network. But this won't work on most branch router
It's simply not that simple.
Joe Rhett Systems Engineer
JRhett@ISite.Net ISite Services
PGP keys and contact information: http://www.navigist.com/Staff/JRhett