North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: BGP TTL check in 12.3(7)T
> Blaine Christian wrote > http://www.faqs.org/rfcs/rfc3682.html > I agree that it is not a panacea... But, you must admit, > it provides an incredible level of comfort. It would be > wonderful to only allow internally generated traffic to > talk to the core of your network with a simple TTL filter. > Versus anti-spoofing filters from hell. That's not the way I see this at all. I look at it as a good complement to anti-spoofing filters as part of defense in depth, in case said filters get SNAFUed. My primary line of defense will remain ACLs. Michel.