On Thu, 23 Aug 2001, Nathan E Norman wrote:

> When I worked at an ISP, I liked to bring up security issues.
[snip]
> replies to other customers, filter rfc1918 addresses at the gateway to
> prevent those addresses from accessing the internet, filtering source
> addresses not in our netblocks from accessing the internet, filtering
> incoming traffic with source addresses in our netblocks, etc).

That's not too bad, actually. I've never used an ISP that did egress/ingress filtering :) That cuts down on a good bit of garbage that can go on, although it doesn't save you from your neighbors or people who are bouncing to attack or are too stupid to know/care.

Out of curiosity, how much load did that filtering put on the routers? The common argument I've heard against doing the filtering is that it requires using the "slow path" on the router, and you can't handle as much load / router (more expensive). Is this accurate?

-- Adam
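Added example, not part of the original message or of any router's configuration: a Python model of the three source-address filters listed in the quoted text, applied to constructed sample flows. The netblocks are documentation prefixes standing in for the ISP's own, and the names `ISP_NETBLOCKS` and `filter_decision` are hypothetical.

```python
import ipaddress

# Assumption: documentation prefixes stand in for the ISP's own netblocks.
ISP_NETBLOCKS = [ipaddress.ip_network(n)
                 for n in ("198.51.100.0/24", "203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_decision(direction, src):
    """Return (action, reason) for a packet crossing the ISP gateway.

    direction: "egress"  = leaving the ISP toward the internet
               "ingress" = arriving from the internet
    Only the three rules named in the quoted message are modelled.
    """
    if direction not in ("egress", "ingress"):
        raise ValueError("direction must be 'egress' or 'ingress'")
    addr = ipaddress.ip_address(src)
    ours = _in_any(addr, ISP_NETBLOCKS)
    if direction == "egress":
        # Rule 1: rfc1918 sources never reach the internet.
        if _in_any(addr, RFC1918):
            return ("drop", "rfc1918 source")
        # Rule 2: outbound sources must belong to our netblocks.
        if not ours:
            return ("drop", "source not in our netblocks")
    elif ours:
        # Rule 3: our own addresses cannot legitimately arrive from outside.
        return ("drop", "our netblock as source on inbound traffic")
    return ("permit", "")


# Constructed sample flows (direction, source address).
SAMPLE_FLOWS = [
    ("egress", "198.51.100.25"),   # legitimate customer traffic
    ("egress", "10.1.2.3"),        # leaked private address
    ("egress", "192.0.2.77"),      # spoofed source leaving our network
    ("ingress", "203.0.113.9"),    # outsider claiming one of our addresses
    ("ingress", "192.0.2.10"),     # ordinary inbound traffic
]

if __name__ == "__main__":
    for direction, src in SAMPLE_FLOWS:
        action, reason = filter_decision(direction, src)
        print(f"{direction:8} {src:15} {action:6} {reason}")
```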

