North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: If you have nothing to hide
- From: Stephen Sprunk
- Date: Mon Aug 05 11:45:27 2002
Thus spake <firstname.lastname@example.org>
> > our packets. While I'm certainly in favor of anything edge providers can
> > do to eliminate denial of service attacks based on source-routing,
> > I certainly don't want anything further.
> denial of service based upon source routing? I hadn't heard of any denial
> of service attacks of that sort.
> Disabling source-routing is like filtering icmp, sure you might block
> a few abuses, but more often than not, you are throwing out legitimate
I can't come up with any legitimate reason to use source-routed packets today.
If your routers even support them, they probably consume orders of magnitude
more processing power than normal packets; that is enough reason to disable
source-routing, not to mention the security implications.