Re: ip verify unicast reverse-path

From: Vincent Tay <vtay.75_at_gmail.com>
Date: Wed, 8 Feb 2012 12:35:02 +0800

OK. So can I conclude that if the ISP is running a default route, it will not
make sense to use ip verify unicast reverse path allow default, meaning loose
mode?

Vincent Tay

On 8 Feb, 2012, at 11:23 AM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:

> Vincent,
> On the ISP side a loose mode might be used to prevent RFC1918 IP
> addressing, as those should not be included in the global routing table, or any
> addressing not yet assigned. These days that's not a very large number of
> unassigned subnets for IPv4, but in the past that could be useful. On the
> enterprise side, if you don't have the global routing table, you might prevent
> spoofing of addresses that are not in your routing domain; basically loose
> mode will not forward packets based on the availability of that source's
> network in the routing table. If an enterprise is using 10.0.0.0/8
> addressing while a worm is trying to spoof packets with someone else's public
> address, that should be blocked by loose mode, as those public networks most
> likely won't be present in the routing table and are only matched by a default
> route.
>
> Hope that makes things a little clearer.
>
> Tom Kacprzynski
>
>
> On Tue, Feb 7, 2012 at 7:59 PM, Vincent Tay <vtay.75_at_gmail.com> wrote:
> Hi all,
> I'm wondering how loose mode helps in detecting spoofed packets.
> Can anyone share?
> Vincent Tay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Feb 08 2012 - 12:35:02 ART
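
The loose-mode behaviour discussed in this thread, as an added example that is not part of the original posts: a small model of the uRPF source check covering strict mode, loose mode, and the effect of allowing the default route to satisfy the check. The routing table, interface names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed FIB for an enterprise edge router: (prefix, interface toward it).
FIB = [
    ("10.0.0.0/8", "Gi0/1"),     # internal addressing
    ("192.0.2.0/24", "Gi0/2"),   # partner link (documentation prefix)
    ("0.0.0.0/0", "Gi0/0"),      # default route toward the ISP
]

def lookup(src, fib=FIB):
    """Longest-prefix match on the SOURCE address; (network, iface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def urpf_pass(src, in_iface, mode="loose", allow_default=False, fib=FIB):
    """Return True if a packet with this source passes the uRPF check."""
    route = lookup(src, fib)
    if route is None:
        return False                      # no route back to the source at all
    net, iface = route
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "strict":
        return iface == in_iface          # must arrive on the return-path interface
    return True                           # loose: any specific route is enough

def demo():
    """Run constructed packets arriving on the inside interface through each variant."""
    packets = [("10.1.2.3", "Gi0/1"),     # legitimate inside host
               ("203.0.113.9", "Gi0/1"),  # spoofed public source from inside
               ("192.0.2.7", "Gi0/1")]    # partner address on the wrong interface
    variants = {"strict": ("strict", False), "loose": ("loose", False),
                "loose+default": ("loose", True)}
    return {name: [urpf_pass(s, i, m, d) for s, i in packets]
            for name, (m, d) in variants.items()}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:14} {verdicts}")
```

With the default route allowed, loose mode passes every source the router can reach at all, which is the case the question above is about; without it, the spoofed public source is dropped because only the default route covers it.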
