I'm not pretty sure that C is the correct one... I can't find any antispoofing official best practices anyway... I would D is BEST practice than the C.
Can anyone contradict me?
I believe that the fact that the anti-spoofing groups are in sync with the routing table implies that when a new route for a new subnet is added, it automatically will be updated to an anti-spoofing group, without any manual work, which you may forget doing by yourself. That's why C is more secure in my eyes
I can be understand your point of view and I'm agree with you. But here we are talking about BEST PRACTICE. In the security enviroment the manual control on this kind of defenses should be the best way theoretically. If the network group needs to implement a new subnet, you have just to upgrade manually the anti-spoofing configuration, and it seems a good effort/security compromise.
Anyway... It seems impossibile to know what CP thinks about this XD
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Hernan_Mella
10 months, 3 weeks agofaisal12
1 year agosaicosocial
2 years, 3 months agosaicosocial
2 years, 3 months agomauchi
2 years, 3 months agosaicosocial
2 years, 3 months ago