On 2014-08-19 15:23, Roland Dobbins wrote: > > On Aug 19, 2014, at 8:18 PM, Jeroen Massar <[email protected]> wrote: > >> - The ICMP error packet's destination address must qualify uRPF rules for >> the same interface as the source address.[1] > > Should this language be limited to uRPF, or should it include other > anti-spoofing mechanisms, as well?
Any kind of mechanism that can check: "is this source address supposed to come from that interface" would qualify IMHO (as long as it does a proper job ;). Greets, Jeroen _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
