Comments on Jad's Blog: Thoughts on Loose Source Routing as a Mechanism for Traffic Policies
Blog author: Jad Naous

Comment by Unknown, 2011-01-15T17:57:45.797-08:00:

Jad,

A couple of comments.

- Regarding the claim that WRAP (and LSRR) makes it harder to spoof: Say a bad source sends out a packet with a bogus reverse path [X,Y,Z] and forward path [A,B,C,D], where D is the destination. Assuming A, B and C are non-malicious routers, when the packet reaches D it has reverse path [X,Y,Z,A,B,C,D]. So, even though the first part of the reverse path is bogus, it at least includes the real reverse path as a suffix. In this sense, WRAP does make it harder to spoof, because the receiver knows a big part of the path followed by the packet, even if it does not know the exact source.

- Regarding the claim that conventional filters can be used to filter WRAP packets based on their header: What is meant by "conventional filters" is "conventional filtering mechanisms." I.e., a router would be able to filter a WRAP packet by reading its forward/reverse path (which would be at a fixed location) and looking it up in a TCAM. You cannot do that with IP options -- at least not in any conventional way.