North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: no ip forged-source-address
- From: Daniel Senie
- Date: Wed Oct 30 17:03:43 2002
At 12:29 PM 10/30/2002, Tony Hain wrote:
This is also an area where NAT boxes are prevalent. One would HOPE the NAT
boxes would take care of rejecting bogus source addresses sinec they do
have to do translation on whatever comes in. So encouraging NAT boxes in
the SOHO world is perhaps not so bad...
To reiterate the comment I made during the session yesterday, the places
where strict rpf will be most effective are at the very edge interfaces
without explicit management (SOHO). This also tends to be the place
where there is insufficient clue to turn it on.
For the SOHO cases without NAT boxes, cable, dsl and dialup from a single
computer, it would make a great deal of sense for the ISP to take care of
this issue (in the cable head-end router, DSLAM, or NAS).