
Re: Spoof protection / RFC1812



On Sat, Jul 14, 2001 at 03:50:31PM +1000, Anthony Towns wrote:

> RFC1812 says that Internet routers should have the ability to avoid
> source address spoofing (e.g., sending something that appears to be from
> a private LAN address through your firewall's public internet connection),
> but must not enable it by default.
> 
> netbase provides such spoof protection, and enables it by default. It also
> disables IP forwarding by default, effectively putting Debian machines
> into the category of Internet host rather than Internet router, under
> the terms of RFC1812.

I don't think the RFC police will come after any of us if we consider Debian
systems to be Internet hosts, even if they happen to be multi-homed (where such
filters would come into play).  If an administrator chooses to use a Debian
system as an IP router, they are responsible for configuring it to adhere to
RFC1812.

For what it's worth, RFC1122 (Host Requirements) does not make any mention of
reverse-path filtering.

-- 
 - mdz


