Re: Ping flooding (fwd)

[George Herbert <gherbert () crl com>]

> > If you have a very restrictive security policy, then you might want to 
> > place a packet filter on all outgoing traffic.  If your network is 
> > 10.1.1.64/26, then you might have the following two rules:
> > [...]
> > Say that person X, the person who owns the network from which these pings 
> > are apparently originating, did have such a filter.  What does this do?  
> > It proves that the packets are not originating on his network.  Does it 
> > stop anyone else from forging these packets?  No.
>
> Actually it doesn't prove that.  The filter would /allow/ the pavckets to
> pass through the router since they were coming from one of his networks.  If
> everyone else on the planet had such a rule it would prove that it /was/
> coming from him.

It doesn't prevent someone at another ISP from doing that sort of attack,
but it does prevent that sort of attack from origionating at your site
using faked source addresses to cause someone else problems tracking it down.
It's not a defense for you per se, it's a defense for the rest of the net
from you.  Responsible net citizenship and all that...


-george william herbert
gherbert () crl com

- - - - - - - - - - - - - - - - -