We requests that your routers be configurable, at the interface
level, to prevent the forwarding of an ICMP echo-request packet through an
interface that has a broadcast or wire address that matches the
destination address of that packet.
Modifications that cause the forwarding path to behave differently
for some type of packets are *bad*. ICMP echo-requests should be treated
identically to other sorts of packets.
If you s/an ICMP echo-request/an IP/, then you have the same
as "no ip directed-broadcast". Your wording is sufficiently vague such that
I can't tell if that's what you meant or not. I don't know if you're
trying to avoid being cisco-specific, or if you're being vague for some
other reason.
We also request that the default configurations of your routers be
modified to prevent said forwarding.
I don't have a problem with this.
We request that your routers be configurable, both globally and
and the interface level, with the interface configuration overiding the
global configuration, to prevent the forwarding of an IP packet with a
source network address different from the network address of the interface
on which it was received. We also request that the default configurations
of your routers be modified to prevent, globally, said forwarding.
I'd be concerned that having this as a default is not necessarily
the right thing in sufficiently large numbers of situations as to
make this a bad idea.
--jhawk