Using The Bit Bucket To Stymie Virus Traffic

Tom Lancaster of SearchSecurity.com writes:

Reverse Path Forwarding is a pretty useful feature common in routers these days; it allows you to drop packets when the route to the source address of the packet is something other than the interface on which the packet arrived. In other words, it’s a fancy form of antispoofing that focuses on the source address. You can also do some quick and easy removal of unwanted packets using the destination address.

For the last several years, antispoofing access lists and firewall features have been quite common at the edge of the network and even at the border between the LAN at each site and the WAN. However, this doesn’t help you when the problem - for example, a virus that’s spouting lots of garbage in an attempt to find and infect other hosts on your network - is already on your LAN. What you want to be able to do is drop that traffic at the first opportunity, so that your backbone resources don’t become congested. Also keep in mind that it’s not just your backbone that suffers; your PCs and servers will also have to process every packet they get, which can slow them considerably.

[Read Using The Bit Bucket To Stymie Virus Traffic in its entirety here]