[nsp-sec] creative lying
Eli Dart
dart at es.net
Thu Sep 4 11:54:46 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I don't really care if it is strict mode URPF or an acl that says only
> forward traffic that originated from the set of "inside" IP addresses
> drop and log all others.
The trouble with logging that traffic is that in the presence of
default, all the goo that comes from a laptop when it is woken up in
the morning after being put to sleep on a residential broadband
connection ends up in the logs. This is completely benign of course,
but if the security folks looking at the logs aren't expecting it, they
will run around in circles for a while trying to figure out why RFC1918
addresses are trying to get out to espn.com or whatever....
--eli
- --
Eli Dart Office: (510) 486-5629
ESnet Network Engineering Group Fax: (510) 486-6712
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkjABMYACgkQLTFEeF+CsrM7xgCfSKhXoDzpeP8OrbWRU8dd+JX6
jKQAnRpeLcYQUaR2kHbw8S8gaAWu5b2r
=qp9d
-----END PGP SIGNATURE-----
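Added example, not part of the original message: one way to pre-sort drop logs from an egress filter so that the benign wake-up traffic described above (sources in RFC1918 or link-local space) is counted separately from drops whose source is a routable address outside the "inside" set. The log format, interface names, inside prefix and sample lines are constructed assumptions, not any vendor's syntax.

```python
import ipaddress
import re
from collections import Counter

# Source ranges a roaming laptop may still be using right after it wakes up
# on a new network: RFC1918 space plus IPv4 link-local.
STALE_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed log format (an assumption for this example).
LINE_RE = re.compile(r"DROP in=(?P<ifc>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")

def classify(src, inside):
    """Return 'inside', 'stale-address' or 'foreign-source' for a dropped source IP."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in inside):
        return "inside"            # should have been forwarded: check the filter
    if any(addr in net for net in STALE_RANGES):
        return "stale-address"     # the expected morning noise
    return "foreign-source"        # routable but not ours: worth a look

def triage(lines, inside_prefixes):
    """Count drops per (interface, verdict); return lines that need review."""
    inside = [ipaddress.ip_network(p) for p in inside_prefixes]
    summary, review = Counter(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue               # not a drop record
        try:
            verdict = classify(m["src"], inside)
        except ValueError:
            verdict = "unparsable"
        summary[(m["ifc"], verdict)] += 1
        if verdict != "stale-address":
            review.append(line)
    return summary, review

# Constructed sample input; all addresses are documentation or private ranges.
SAMPLE_LOG = [
    "08:01:12 edge1 DROP in=ge-0/0/1 src=192.168.1.23 dst=203.0.113.10",
    "08:01:13 edge1 DROP in=ge-0/0/1 src=10.0.0.7 dst=203.0.113.10",
    "08:01:13 edge1 DROP in=ge-0/0/1 src=169.254.12.9 dst=203.0.113.44",
    "08:02:40 edge1 DROP in=ge-0/0/2 src=203.0.113.77 dst=192.0.2.5",
]

if __name__ == "__main__":
    counts, needs_review = triage(SAMPLE_LOG, ["198.51.100.0/24"])
    print(dict(counts), needs_review)
```
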