nanog mailing list archives
Re: Network Operators and smurf
From: Robert Sanders <rsanders () mindspring net>
Date: Fri, 24 Apr 1998 19:09:39 -0400
There isn't a simple knob, but then it isn't simple to know what a forgery is. You have to tell the router.
That's what routing protocols are for, right? :-) I thought I had read on cisco-nsp that 11.1CC implemented the long-discussed feature of not accepting packets from an interface unless the router held a route for the source address of that packet back out that interface, but I can't find that message now. I wonder what that does to forwarding rates on VIP2s and 12000s.
Or, another perhaps better way is to only accept packets from your customer networks which are sourced from those networks. Each customer interface then has an inbound filter that blocks everything not sourced from your customer's network.
As I told Jay, we have modified our RADIUS server to do exactly this on the fly for 3com NETservers, 3com HiPer ARCs, and Bay 5399/8000s (and probably any other Annexish box with RADIUS support).
This is great until you accept routing information from one of your downstreams. One might argue that you shouldn't peer (or listen to RIP or OSPF) from a network that'll carry spoofed packets, but I don't think that's practicable for the Internet of today. Not all the equipment is capable, not all the operators are clueful, and there aren't enough incentives to change that overnight.
I won't even touch the issue of "legitimate spoofing" which rears its ugly head in the telco return satellite and cable modem scenarios. Strict asymmetry does make things more complicated.
regards,
-- Robert
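The two source-address checks discussed in this message, modeled side by side as an added example that is not part of the original post: a route-based check (accept only if the best route for the source points back out the arrival interface) and a static per-interface filter. The prefixes are documentation ranges and the interface names and topology are constructed assumptions; the code does not reproduce any vendor's implementation.

```python
import ipaddress

# Constructed forwarding table: (prefix, outgoing interface). All values are made up.
FIB = [
    ("192.0.2.0/24", "Serial0"),     # single-homed customer A
    ("198.51.100.0/24", "Serial1"),  # customer B, best path via Serial1 (backup link on Serial2)
    ("203.0.113.0/24", "Serial1"),   # prefix B announces for its own downstream
    ("0.0.0.0/0", "Hssi0"),          # default route toward the upstream
]

# Constructed static inbound filters: sources each customer interface may send from.
ACL = {
    "Serial0": ["192.0.2.0/24"],
    "Serial1": ["198.51.100.0/24"],  # written before B announced 203.0.113.0/24
    "Serial2": ["198.51.100.0/24"],
}

def best_route(fib, addr):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def strict_rpf(fib, src, in_if):
    """Accept only if the best route back to src leaves via the arrival interface."""
    route = best_route(fib, src)
    return route is not None and route[1] == in_if

def ingress_acl(allowed, src):
    """Accept only sources inside the prefixes configured for this interface."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in allowed)

def compare(src, in_if):
    """Return (route-based verdict, static-filter verdict) for one packet."""
    return strict_rpf(FIB, src, in_if), ingress_acl(ACL[in_if], src)

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "Serial0", "legitimate customer A traffic"),
        ("10.9.8.7", "Serial0", "forged source arriving from customer A"),
        ("198.51.100.5", "Serial2", "customer B using its backup link (asymmetric)"),
        ("203.0.113.9", "Serial1", "prefix learned from downstream B's routing"),
    ]
    for src, in_if, label in cases:
        rpf, acl = compare(src, in_if)
        print(f"{label}: route check={'accept' if rpf else 'drop'}, "
              f"static filter={'accept' if acl else 'drop'}")
```

The last two cases show where each check drops legitimate traffic: the route-based check under asymmetric paths, and the static filter once a downstream starts announcing prefixes the filter was never told about.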