Re: ip verify unicast reverse-path

From: Tom Kacprzynski <tom.kac_at_gmail.com>
Date: Tue, 7 Feb 2012 21:23:10 -0600

Vincent,
On the ISP side, loose mode might be used to prevent RFC1918 IP
addressing, as those should not be included in the global routing table, or
any addressing not yet assigned. These days that's not a very large number
of unassigned subnets for IPv4, but in the past that could be useful. On
the enterprise side, if you don't have the global routing table, you might
prevent spoofing of addresses that are not in your routing domain;
basically, loose mode will not forward packets based on the availability of
that source's network in the routing table. If an enterprise is using
10.0.0.0/8 addressing while a worm is trying to spoof packets with someone
else's public address, that should be blocked by loose mode, as those public
networks most likely won't be present in the routing table and only matched
by a default route.

Hope that makes things a little clearer.

Tom Kacprzynski

On Tue, Feb 7, 2012 at 7:59 PM, Vincent Tay <vtay.75_at_gmail.com> wrote:

> Hi all,
> I'm wondering how loose mode helps in detecting spoofed packets.
> Can anyone share?
> Vincent Tay
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Tue Feb 07 2012 - 21:23:10 ART
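
Added example, not part of the original post or the list archive: a small Python model of the loose-mode source check discussed in this thread, with a strict-mode check beside it for contrast. The routing table, interface names and function names are constructed for illustration, and strict mode is simplified to a single best path per source.

```python
import ipaddress

# Constructed routing table for an enterprise addressed out of 10.0.0.0/8.
# Interface names are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),    # default route toward the ISP
    ("10.1.0.0/16", "Gi0/1"),  # internal site A
    ("10.2.0.0/16", "Gi0/2"),  # internal site B
]

def longest_match(src, routes):
    """Return (network, interface) of the most specific route covering src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_loose(src, routes, allow_default=False):
    """Loose mode: the source only needs *a* route, on any interface.
    A source covered by nothing but the default route fails unless
    allow_default is set."""
    best = longest_match(src, routes)
    if best is None:
        return False
    if best[0].prefixlen == 0 and not allow_default:
        return False
    return True

def urpf_strict(src, in_iface, routes, allow_default=False):
    """Strict mode: the route back to the source must also point out of
    the interface the packet arrived on (single best path assumed)."""
    best = longest_match(src, routes)
    return urpf_loose(src, routes, allow_default) and best[1] == in_iface

if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface)
    samples = [
        ("10.1.5.5", "Gi0/1"),      # legitimate internal host
        ("198.51.100.7", "Gi0/1"),  # spoofed public source, default-only match
        ("192.168.1.1", "Gi0/0"),   # RFC1918 block not in this table
        ("10.2.9.9", "Gi0/1"),      # internal address from the wrong segment
    ]
    for src, iface in samples:
        print(f"{src:15} in {iface}: loose={urpf_loose(src, ROUTES)} "
              f"strict={urpf_strict(src, iface, ROUTES)}")
```

The last sample shows what loose mode does not catch: a source that exists in the routing table passes regardless of arrival interface, and only the strict check rejects it.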

This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART