nanog mailing list archives
Re: Ping flooding (fwd)
From: "Justin W. Newton" <justin () erols com>
Date: Tue, 09 Jul 1996 13:43:34 -0400
At 10:43 PM 7/8/96 -0400, Todd Graham Lewis wrote:
If you have a very restrictive security policy, then you might want to place a packet filter on all outgoing traffic. If your network is 10.1.1.64/26, then you might have the following two rules: action source destination ------ ------ ----------- allow 10.1.1.64/26 * deny * * Of course, no one does this, because it is very time consuming for your router to examine every packet in this way. This translates into more marginal cost on your hardware for very little return. Say that person X, the person who owns the network from which these pings are apparently originating, did have such a filter. What does this do? It proves that the packets are not originating on his network. Does it stop anyone else from forging these packets? No.
Actually it doesn't prove that. The filter would /allow/ the pavckets to pass through the router since they were coming from one of his networks. If everyone else on the planet had such a rule it would prove that it /was/ coming from him. Justin Newton Internet Architect Erol's Internet Services - - - - - - - - - - - - - - - - -
Current thread:
- Re: Ping flooding (fwd), (continued)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 10)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 09)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 09)
- Re: Ping flooding (fwd) David R. Conrad (Jul 08)
- Re: Ping flooding (fwd) Perry E. Metzger (Jul 08)
- Re: Ping flooding (fwd) Jordy (Jul 09)
- Message not available
- Re: Ping flooding (fwd) Dick St.Peters (Jul 09)
- Re: Ping flooding (fwd) Todd Graham Lewis (Jul 09)
- Re: Ping flooding (fwd) Dick St.Peters (Jul 09)
- Re: Ping flooding (fwd) Justin W. Newton (Jul 09)
- Re: Ping flooding (fwd) George Herbert (Jul 09)
- Re: Ping flooding (fwd) Forrest W. Christian (Jul 09)
- Re: Ping flooding (fwd) Justin W. Newton (Jul 09)
- Re: Ping flooding (fwd) Doug Stanfield (Jul 09)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Vadim Antonov (Jul 09)
- Re: Ping flooding Jerry Anderson (Jul 09)
- Re: Ping flooding (fwd) Sean Doran (Jul 09)
- Re: Ping flooding (fwd) Dorian Kim (Jul 10)
- Re: Ping flooding (fwd) Sean Doran (Jul 09)