The other extreme is that, what if you are singly-homed? Then it is useless again.
Why, may I ask? This removes the need to maintain access lists to do the same thing, so I don't see it as entirely useless. - Håvard
Wait; all traffic is coming in one interface. The CEF thing will have no effect if the spoofed source address is a real network. However, if it is a completely bogus source address (1.2.3.4 or somesuch), then yes, it does make it a bit easier to filter. On Sat, 25 Apr 1998 Havard.Eidnes@runit.sintef.no wrote:
The other extreme is that, what if you are singly-homed? Then it is useless again.
Why, may I ask? This removes the need to maintain access lists to do the same thing, so I don't see it as entirely useless.
- H�vard
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP! We have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Wait; all traffic is coming in one interface. The CEF thing will have no effect if the spoofed source address is a real network.
However, if it is a completely bogus source address (1.2.3.4 or somesuch), then yes, it does make it a bit easier to filter.
If the spoofer is dialed up to YOUR network, and spoofs the address of someone else out on the net, then YOUR router should find that the source interface is not in the list of routes for that address, and discard it. If the spoofer is attacking YOU, then that means the network the spoofer is attached to is NOT blocking him by this method, but SHOULD. -- Phil Howard | no1way89@dumbads5.net stop2599@anywhere.edu ads0suck@no0place.edu phil | die8spam@no1place.net no4way60@no4place.edu end8it63@nowhere7.org at | stop2015@no9where.edu no25ads9@no49ads6.net end9ads6@dumb4ads.net milepost | end0ads3@s5p0a0m8.org crash061@anyplace.net stop5278@anywhere.net dot | no29ads0@anyplace.net stop3305@dumb7ads.net blow8me2@lame2ads.com com | die2spam@no9where.net stop3it9@anyplace.org stop9ads@no6place.org
participants (3)
-
Al Reuben
-
Havard.Eidnes@runit.sintef.no
-
Phil Howard