Vulnerability Development mailing list archives

Egress checking (was Re: Networking theories)


From: stpeters () NETHEAVEN COM (Dick St.Peters)
Date: Fri, 5 May 2000 23:29:12 -0400


ISPs *should* be doing egress checking.  We've been doing it for more
than 4 years.  We not only block foreign-source packets, we log every
one blocked and track down the perpetrators.

(The overwhelming majority of such packets are from leaking VPNs.
Most "perpetrators" are just victims of lousy software, but we've
uncovered a few not-so-benign cases.)

--
Dick St.Peters, stpeters () NetHeaven com

Matthew King writes:
Not many ISPs or providers actually do that kind of egress checking. I do
not know of many here in Oz that do.

Cya
Matthew

 -----Original Message-----
From:         Bluefish [mailto:11a () GMX NET]
Sent: Saturday, 6 May 2000 10:07 AM
To:   VULN-DEV () SECURITYFOCUS COM
Subject:      Re: Networking theories

victim.org(spoofed) ---> ICMP(source-quench) ---> router.victim.org

Actually, there was an email from... CERT (I think) ... intended for larger
companies and ISPs with guidelines for combating DDoS. Among those
guidelines there were recommendations of checking source IP. So it's a
known problem which responsible ISPs will stop (but probably most don't)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
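
An added illustration, not part of the original thread and not NetHeaven's actual setup, of the block-and-log egress check described in the message above. The port names, prefixes, and the separate category for private source addresses are assumptions, and the packets are constructed samples.

```python
import ipaddress
from collections import Counter

# Hypothetical prefixes assigned to each customer-facing port (constructed).
ASSIGNED = {
    "port-1": ["198.51.100.0/25"],
    "port-2": ["198.51.100.128/25", "203.0.113.0/24"],
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_egress(port, src):
    """Verdict for a packet received from a customer port, judged by source IP."""
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(n) for n in ASSIGNED.get(port, [])):
        return "pass"
    # Assumption: private sources are split out because they usually point
    # to misconfiguration (e.g. un-NATed or tunnel-internal traffic).
    if any(addr in n for n in RFC1918):
        return "drop-private"
    return "drop-foreign"


def audit(packets):
    """Filter (port, src, dst) tuples; log every drop with the port it came from."""
    forwarded, log, counts = [], [], Counter()
    for port, src, dst in packets:
        verdict = check_egress(port, src)
        if verdict == "pass":
            forwarded.append((port, src, dst))
            continue
        # The source address is untrustworthy by definition here, so the
        # port is the field that lets an operator trace the sender.
        log.append({"port": port, "src": src, "dst": dst, "reason": verdict})
        counts[(port, verdict)] += 1
    return forwarded, log, counts


# Constructed sample traffic.
SAMPLE = [
    ("port-1", "198.51.100.10", "192.0.2.80"),   # assigned source
    ("port-1", "10.8.0.6", "192.0.2.80"),        # private source leaking out
    ("port-1", "10.8.0.6", "192.0.2.81"),
    ("port-2", "203.0.113.77", "192.0.2.80"),    # assigned source
    ("port-2", "198.51.100.10", "192.0.2.80"),   # port-1's address seen on port-2
]

if __name__ == "__main__":
    forwarded, log, counts = audit(SAMPLE)
    for entry in log:
        print(entry)
    print(dict(counts))
```

The per-port drop counts are what turn the log into something actionable: a port that repeatedly emits the same private source is a candidate for a configuration fix, while one emitting another customer's address deserves a closer look.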


