Security Incidents mailing list archives

Re: Private networks and home.{net|com}


From: jpapen () YAHOO COM (Jeffrey Papen)
Date: Thu, 10 Feb 2000 16:00:10 -0800


I would totally disagree.  AtHome has protected all of their internal router
interfaces from DDoS attacks by having 1918 address space.  It is true that
pings/traceroutes can't originate from those routers, but it will be happily
passed by them.

The massive DDoS attacks this week have been aimed at the default gateway
routers for the ISPs, and have proven very effective.  I think that AtHome has
very intelligently protected themselves.

There are only two types of router interfaces exposed to attack, the peering
router interfaces are exposed and AtHome can pressure their peers into adding
CAR.  The other is the default gateway of AtHome subscribers, and these
interfaces can be protected w/ CAR anywhere along the data path where it is
most convenient.

- Jeffrey

--- Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ> wrote:
On Wed, 9 Feb 2000, Rasmus Andersson wrote:

It's perfectly legal (and in many ways good) to use those addresses on
link networks, and filtering out ALL traffic from such addresses is
therefore a Bad Idea(tm). In particular, you MUST let ICMP Unreachable -
Fragmentation Needed through to not damage path-MTU discovery. IMHO you
should let any ICMP Unreachables through as well as Time Exceeded.

I might have a very good reason not to allow any RFC-1918-address
originated datagrams from outside: I might be using these addresses
myself in my internal network. Why should I allow anyone to spoof
internal traffic of any kind?

IMHO, it is a Bad Idea(tm) to allow a PRIVATE address to appear in a
PUBLIC network! And people who do it are messing things up themselves.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."


=====
Yahoo Network Operations
work: 408-616-3897
page: 408-619-0572
cell: 650-580-2684
email: jeffrey () papen com
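
The two filtering positions in the quoted exchange above, written out as an added example that is not part of any of the original e-mails: a border filter that drops every RFC 1918-sourced packet, next to one that still passes ICMP Unreachable and Time Exceeded from such sources. The function names, the policy labels "strict" and "icmp-errors", and the sample packets are assumptions made for illustration.

```python
import ipaddress

# The three private ranges reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ICMP type numbers from RFC 792.
ICMP_UNREACHABLE = 3      # code 4 is "fragmentation needed" (path-MTU discovery)
ICMP_TIME_EXCEEDED = 11   # what traceroute relies on

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def border_action(src, proto, icmp_type=None, policy="strict"):
    """Decide what an inbound border filter does with one packet.

    policy labels are hypothetical names for the two views in the thread:
      "strict"      - drop everything with an RFC 1918 source
      "icmp-errors" - same, but pass ICMP Unreachable / Time Exceeded
    """
    if not is_rfc1918(src):
        return "pass"
    if (policy == "icmp-errors" and proto == "icmp"
            and icmp_type in (ICMP_UNREACHABLE, ICMP_TIME_EXCEEDED)):
        return "pass"
    return "drop"

# Constructed sample packets: (source, protocol, ICMP type or None).
SAMPLES = [
    ("10.1.2.3", "icmp", 3),       # frag-needed from a privately numbered router
    ("172.16.9.1", "icmp", 11),    # time-exceeded from a traceroute hop
    ("192.168.0.5", "tcp", None),  # claims to be an internal host
    ("10.0.0.1", "icmp", 8),       # echo request from a private source
    ("198.51.100.7", "tcp", None), # ordinary public source
]

def evaluate(policy):
    """Return the filter decision for each constructed sample, in order."""
    return [border_action(s, p, t, policy) for s, p, t in SAMPLES]

if __name__ == "__main__":
    for policy in ("strict", "icmp-errors"):
        print(policy, evaluate(policy))
```

Under "strict" the fragmentation-needed and time-exceeded messages from the privately numbered routers are lost along with the spoofed TCP packet; under "icmp-errors" they get through while the spoofed TCP packet and the echo request are still dropped.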

