Christopher L. Morrow wrote:
On Tue, 9 Nov 2004, Network.Security wrote:
"Depending on putting devices on 1918 for security is dangerous. " - Simon J. Lyall.
Agreed. RFC 1918 is a good idea, it's not the law, and with that, ISPs are not required to do anything about 1918 addrs if they choose not to. We receive a disturbingly large amount of traffic sourced from the 1918
^^^^^^^
That's odd, I didn't think routing to Null0 (or equivalent) was all that taxing, I don't want an ACL, I want it gone in the cheapest, fastest way possible.
that's odd... routing is a DESTINATION based problem, not a SOURCE based one.
Routing has always been more than a destination based decision. Even in the beginning IP had LSRR/SSRR. Now it has policy/qos/SAV/urpf what have you. <Tinfoil Hat> The redefinition of ip routing as actions based solely on the destination address in the packet was done merely by those wishing to ignore performance requirements for doing it properly. They took the cheap easy way out. Kudos to all you grizzled folk out there who handed out those free passes. (After 20 years of IP we now offer line rate X as long as you don't do Y!) </TH> (back to my corner for the rest of the month)