8 Apr
2004
8 Apr
'04
12:40 p.m.
Blaine Christian wrote http://www.faqs.org/rfcs/rfc3682.html I agree that it is not a panacea... But, you must admit, it provides an incredible level of comfort. It would be wonderful to only allow internally generated traffic to talk to the core of your network with a simple TTL filter. Versus anti-spoofing filters from hell.
That's not the way I see this at all. I look at it as a good complement to anti-spoofing filters as part of defense in depth, in case said filters get SNAFUed. My primary line of defense will remain ACLs. Michel.
7564
Age (days ago)
7564
Last active (days ago)
0 comments
1 participants
participants (1)
-
Michel Py