Apologies for the terseness. :-)
I certainly wouldn't rely on my upstream service provider to
block source-routed traffic; normally, they don't care. In fact,
they generally support it to troubleshoot routing problems [ie.
traceroute -g option].
I can't speak to kernel or OS modifications (since I'm an old
router jockey anyway), but source-routed IP packets can be easily
dropped on a cisco router by adding the global parameter:
no ip source-route
to the router configuration.
- paul
At 01:16 AM 1/5/97 +0100, Carl Karlsson wrote:
>> >Source routed packets.
>>
>> Which are easily stopped.
>
>You guys have a cool terse way of discussing interesting things. :) I was
>thinking that source routed packets was the answer to my question, and I
>was also believing that they could be stopped. Do I need to care about
>source routed packets if my upstream provider has everything configured
>as they should? If I am using for example Linux, would it be enough to
>configure the linux kernel to drop source routed packets? To configure the
>linux firewall to ignore localnet packets from the external link?
>Many questions.. I'll accept an RTFM answer if someone also tells me WTFM
>is. :)
>
--
Paul Ferguson || ||
Consulting Engineering || ||
Herndon, Virginia USA |||| ||||
tel: +1.703.397.5938 ..:||||||:..:||||||:..
e-mail: pferguso @
cisco .
com c i s c o S y s t e m s
|
|
