Re: Where is the edge of the Internet? Re: no ip forged-source-address
if what u mean by loose is "exist only" then yes on a bgp running router probably the WHOLE INTERNET IS EXIST ONLY...that surely gives u enuf ips to spoof with....?? how do u block by source????????? you could only know that "frrom that link between as-1 and as-2 there will be some traffic from a network IP of AS-1" etc...which still is a huge network..enuf to spoof lots of IPs..... =====> for clarification.....i mean "any *registered* netowrk of AS-1 can uplink via this link" ...this link may not be the downlink for this network into AS-1 but can still be an uplink..... fine now? u can put "loose"...its NO USE!! thats what i said..there will always be a route to the source....all u may drop is 10.x/192.168 and 172/16-31......that too if ur network isnt internally using it.... and if u end up putting "loose" an OSPF router ull drop valid traffic if ur not redistributing bgp etc..and if u are redistributing...well again the above argument holds true...every registered network will be there in BGP ..... -rgds Alok
participants (1)
-
alok