I don't think that's a good idea. The vast majority of routers that
I sell to customers are not used in Internet applications, and to add
another configuration step to enable the router to do what routers
traditionally do by default would be very confusing to the end user.
No, I think the answer really is to get some sample anti-spoofing filters
into the router documentation and find a good way to get people to
read it. There are lots of "how to configure your router for the Internet"
types of tutorials out there, and outbound filtering should be part
of every one of them.
[ On Thu, August 21, 1997 at 17:18:24 (-0500), Jon Green wrote: ]
Subject: Re: ICMP Attacks???
I don't think that's a good idea. The vast majority of routers that
I sell to customers are not used in Internet applications, and to add
another configuration step to enable the router to do what routers
traditionally do by default would be very confusing to the end user.
Wait just one minute there.
You're saying that Corporate America *relies* on being able to to
IP source address spoofing through the routers it builds its commercial
private networks with?
Please don't say it's so. Maybe the Internet is *more* secure than the
average corporate network!
