nanog mailing list archives
Re: smurf, the MCI-developed tracing tools
From: Dax Kelson <dkelson () inconnect com>
Date: Sun, 28 Dec 1997 21:17:28 -0700 (MST)
Adrian wrote:

But this way, people can only spoof IPs from their own block, and not random addresses. It would kill smurf attacks, make tracing a tad(?) easier, etc, etc. And as I've mentioned before, not all types of floods are ICMP attacks. If you filter ICMP, then I'll start flooding with spoofed source addresses TCP packets with random sequence numbers and from IPs. What, you're going to ask routers to track all the TCP connections going through them now for validation? Erm, how many CPUs more are we going to need..? :)
Something else that needs to be done is we need DEFAULT anti-spoof filters on all dialin boxes such as those made by Livingston, Ascend, USR, etc. When a customer calls in and gets assigned an IP address, the box should automatically apply an anti-spoof filter to that port, dropping any packets with an IP source different than the one assigned.

Of course you need a way to override that for customers who have networks routed to them. The box could use the RADIUS "Framed-Route" entry as a hint to which networks to forward IPs from. I've had an RFE in with Livingston for over a year to get that added to ComOS.

Dax Kelson
Internet Connect, Inc.
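The per-port check proposed in the message above, as an added example that is not part of the original post or of any vendor's firmware: a port forwards only packets sourced from its assigned address or from networks named in RADIUS Framed-Route strings. The class and function names and the sample addresses are assumptions made for illustration; the parsing follows the Framed-Route text format in RFC 2865, including the classful default when no prefix length is given.

```python
import ipaddress


def parse_framed_route(value):
    """Return the destination network of a RADIUS Framed-Route string (RFC 2865).

    Format: "<prefix>[/<len>] <gateway> <metric> ...". Only the prefix matters here.
    """
    prefix = value.split()[0]
    if "/" in prefix:
        return ipaddress.ip_network(prefix, strict=False)
    # No length given: RFC 2865 falls back to the classful default.
    first_octet = int(prefix.split(".")[0])
    if first_octet < 128:
        length = 8      # class A
    elif first_octet < 192:
        length = 16     # class B
    else:
        length = 24     # class C
    return ipaddress.ip_network(f"{prefix}/{length}", strict=False)


class PortFilter:
    """Anti-spoof state for one dial-in port (hypothetical model, not ComOS)."""

    def __init__(self, framed_ip, framed_routes=()):
        self.assigned = ipaddress.ip_address(framed_ip)
        self.routed = [parse_framed_route(r) for r in framed_routes]

    def permits(self, src):
        """True if a packet with this source address may be forwarded."""
        src = ipaddress.ip_address(src)
        return src == self.assigned or any(src in net for net in self.routed)


def audit(port, sources):
    """Split packet source addresses into (forwarded, dropped) lists."""
    forwarded = [s for s in sources if port.permits(s)]
    dropped = [s for s in sources if not port.permits(s)]
    return forwarded, dropped


# Constructed sample data: one plain dial-up user, one customer with routed networks.
DIALUP = PortFilter("192.0.2.17")
ROUTED = PortFilter("192.0.2.18",
                    ["198.51.100.0/24 192.0.2.18 1", "10.0.0.0 192.0.2.18 1"])
PACKETS = ["192.0.2.17", "192.0.2.18", "198.51.100.9", "203.0.113.5", "10.200.1.1"]

if __name__ == "__main__":
    for name, port in (("dialup", DIALUP), ("routed", ROUTED)):
        print(name, audit(port, PACKETS))
```

The default case needs no configuration beyond the assigned address, which is the point of the proposal: the filter is wrong only for ports whose RADIUS profile omits a route the customer actually uses.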