Re: Blocking spoofing at the source (was: ICMP Attacks??)
This won't work on anything with multiple diverse paths. And I don't know many companies with their own WANs that don't have such.
This rule could be made to work only on links that aren't doing any dynamic routing protocols, which makes it useful for things like dialup servers. Since it becomes next to impossible to filter at the core router level, I think the proper place to do this is at the edge of the network (dialup servers, static-routed links back to customers), rather than the center.
You're assuming that all non-Internet networks have cores. Very untrue. -- Joe Rhett Systems Engineer JRhett@ISite.Net ISite Services PGP keys and contact information: http://www.navigist.com/Staff/JRhett
participants (1)
-
Joe Rhett