<snip>
our packets. While I'm certainly in favor of anything edge providers can
do to eliminate denial of service attacks based on source-routing,
I certainly don't want anything further.
<snip>
denial of service based upon source routing? I hadn't heard of any denial
of service attacks of that sort.
Disabling source-routing is like filtering icmp, sure you might block
a few abuses, but more often than not, you are throwing out legitimate
traffic.
Of course, I mean denial of service attacks using source routing, i.e. made
possible by use of same. I guess I need to be semantically perfect and
I don't always have a wonderful command of the english language it seems,
but please grant that I'm not stupid.
Thanks
[snip]
Thus spake <bdragon@gweep.net>
<snip>
> our packets. While I'm certainly in favor of anything edge providers can
> do to eliminate denial of service attacks based on source-routing,
> I certainly don't want anything further.
<snip>denial of service based upon source routing? I hadn't heard of any denial
of service attacks of that sort.Disabling source-routing is like filtering icmp, sure you might block
a few abuses, but more often than not, you are throwing out legitimate
traffic.
I can't come up with any legitimate reason to use source-routed packets today.
If your routers even support them, they probably consume orders of magnitude
more processing power than normal packets; that is enough reason to disable
source-routing, not to mention the security implications.
S