In your letter dated Tue, 19 Aug 2014 20:23:54 +0700 you wrote:
>On Aug 19, 2014, at 8:18 PM, Jeroen Massar <[email protected]> wrote:
>
>> - The ICMP error packet's destination address must qualify uRPF rules for
>>   the same interface as the source address.[1]
>
>Should this language be limited to uRPF, or should it include other
>anti-spoofing mechanisms, as well?

At least for TCP it is relatively easy for the host to check whether the
sequence numbers make sense. If they don't, discard the error ICMP.

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
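
The host-side check suggested in the reply above, as an added example that is not part of the original message: an ICMPv4 error is accepted only if the TCP segment it quotes belongs to a known connection and its sequence number lies in that connection's unacknowledged range (SND.UNA <= SEQ < SND.NXT). The `conn` dictionary, the function names and the sample addresses are assumptions made for this sketch.

```python
import socket
import struct

def seq_in_flight(seq, snd_una, snd_nxt):
    """SND.UNA <= seq < SND.NXT, compared modulo 2**32 so wraparound works."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)

def icmp_error_plausible(icmp, conn):
    """Return True only if the ICMPv4 error quotes a segment this connection
    could have in flight. conn is a hypothetical dict describing local state."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] not in (3, 11, 12):
        return False                      # too short, or not an error type
    inner = icmp[8:]                      # quoted IP header + leading TCP bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return False
    if inner[9] != socket.IPPROTO_TCP:
        return False
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    quoted = (inner[12:16], inner[16:20], sport, dport)
    local = (conn["laddr"], conn["raddr"], conn["lport"], conn["rport"])
    if quoted != local:
        return False                      # quoted packet is not from this connection
    return seq_in_flight(seq, conn["snd_una"], conn["snd_nxt"])

def build_sample_error(conn, seq, icmp_type=3, code=1):
    """Constructed test input: ICMP error quoting a 20-byte IP header + 8 TCP bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     conn["laddr"], conn["raddr"])
    tcp = struct.pack("!HHI", conn["lport"], conn["rport"], seq)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + tcp

# Constructed connection state (documentation addresses; sequence space wraps).
CONN = {"laddr": socket.inet_aton("192.0.2.10"),
        "raddr": socket.inet_aton("198.51.100.7"),
        "lport": 49152, "rport": 443,
        "snd_una": 0xFFFFFF00, "snd_nxt": 0x00000100}

if __name__ == "__main__":
    for seq in (0xFFFFFF80, 0x00000010, 0x00000100, 0x12345678):
        verdict = icmp_error_plausible(build_sample_error(CONN, seq), CONN)
        print(f"seq={seq:#010x} -> {'process' if verdict else 'discard'}")
```

A connection with nothing in flight (SND.UNA equal to SND.NXT) has an empty window, so every ICMP error quoting it is discarded.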
