On Mon, 25 Sep 2006, Joseph S D Yao wrote: > > On Mon, Sep 25, 2006 at 09:22:34AM -0400, Patrick W. Gilmore wrote: > ... > > Who thinks it would be a "good idea" to have a knob such that ICMP > > error messages are always source from a certain IP address on a router? > ... > > > I've sometimes thought it would be useful when I wanted to hide a route. > But security via obscurity just makes it that much harder to fix
I think in the original poster's scenario one network was looking to protect their resources/equipment from a majority of the network's ills. It's not unreasonable... atleast not in my mind. It's also not 'security through obscurity' since one of the parties is/was leaking their information OUT, just not 'in' :) > something. Many more times than this would have been useful, I've been > able to identify at which router a problem was by a 'traceroute' that What's interesting is that today, in many networks, the usefulness of traceeroute has bee degraded by other non-ip issues (<cough>mpls</cough>) not in ALL cases, but certainly in many you are not seeing quite what you'd expect from the traceroute :(
