"Gert Doering, Netmaster" wrote:
Hi,
On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote:
As a side note, does anybody use anything to prevent address spoofing in their network? That would at prevent a lot of attacks completly and make tracing the rest much easier.
Sure we do.
On our ingress interfaces to our customers, we have very strict access lists ("permit ip <customer net> any / deny ip any any log").
How do you manage large BGP customers with lots of networks? I would also be interested to know performance hits on the routers for this. I do recall soemthing Cisco implemented that checked you have a route back to any source address that comes in on a suitably configured interface else it'll drop the packet as being spoofed, this soulds good - anybody tried it? -- Leigh