nanog mailing list archives
Re: Things to do to make the network better
From: Tom Killalea <tomk () nwnet net>
Date: Mon, 05 Jan 1998 09:56:43 -0800
I will also point out that many of the recent "smurf" attacks and similar problems people are having on the net would be gone if people would just carefully filter internal/external addresses on their border machines, that is, prevent packets claiming to be from "inside" networks from coming in from the "outside", and prevent packets claiming to be from "outside" networks from going out from the "inside". The latter will stop your network from *ever* being the source of a wide variety of packet forgery attacks, and is necessary to being a good network citizen. The former will stop your network from being the subject of a wide variety of packet forgery attacks, and is necessary to make your customers even remotely safe on the net.
I strongly recommend such filtering in sections 5.7 and 5.8 of my "Security Expectations for Internet Service Providers" draft ftp://ds.internic.net/internet-drafts/draft-ietf-grip-isp-02.txt and we've heard Paul plug ftp://ds.internic.net/internet-drafts/draft-ferguson-ingress-filtering-03.txt here many times.

To answer Owen's comments regarding the difficulty of filtering for transit providers, I argue that filtering should happen as close to the actual hosts as possible.

Tom.

--
Tom Killalea (425) 649-7417
NorthWestNet tomk () nwnet net
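The two border rules discussed in this message, written out as an added example that is not part of the original post or of either draft. The function names, the direction labels and the inside prefixes (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: prefixes that make up the "inside" of this border.
INSIDE_PREFIXES = [ipaddress.ip_network(p)
                   for p in ("192.0.2.0/24", "198.51.100.0/25")]

def is_inside(addr, prefixes=INSIDE_PREFIXES):
    """True if addr falls within one of the inside prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in prefixes)

def border_filter(direction, src, prefixes=INSIDE_PREFIXES):
    """Decide what a border machine does with a packet, by source address.

    direction 'in'  = arriving from the outside, headed inside
    direction 'out' = arriving from the inside, headed outside
    Returns (verdict, reason).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    try:
        inside_src = is_inside(src, prefixes)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "in" and inside_src:
        # Protects the inside from forged packets that pose as local hosts.
        return ("drop", "claims inside source but came from outside")
    if direction == "out" and not inside_src:
        # Keeps this network from ever being the origin of forged packets.
        return ("drop", "claims outside source but came from inside")
    return ("permit", "source consistent with direction")

# Constructed sample packets: (direction, claimed source address).
SAMPLE_PACKETS = [
    ("in", "203.0.113.9"),      # genuine outside host
    ("in", "192.0.2.77"),       # forged: inside address arriving from outside
    ("out", "198.51.100.10"),   # genuine inside host (within the /25)
    ("out", "198.51.100.200"),  # forged: same /24, but not an inside prefix
    ("out", "203.0.113.9"),     # forged: outside address leaving the inside
]

def verdicts(packets=SAMPLE_PACKETS):
    return [border_filter(d, s)[0] for d, s in packets]

if __name__ == "__main__":
    for (d, s) in SAMPLE_PACKETS:
        print(d, s, *border_filter(d, s))
```

The fourth sample shows why the inside list has to be the exact assigned prefixes: an address just beyond a /25 is still a forged source when it leaves the network.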