nanog mailing list archives
Re: Blocking spoofing at the source (was: ICMP Attacks??)
From: Robert Sanders <rsanders () mindspring net>
Date: 29 Aug 1997 18:17:21 -0400
"Jay R. Ashworth" <jra () scfn thpl lib fl us> writes:
> I think if Ascend, Livingston, and USR -- just those 3 -- put filters on their dialup ports to prevent source address spoofing, the problem would probably drop in half.

Don't hold your breath if you're expecting the vendors to implement it. I hope they do, but I'm certainly not waiting for it. Features tend to appear in order of financial impact, and I can't imagine the large customers of Ascend, Livingston, and USR walking away from their current access platforms if their vendors don't implement automatic source address filters. I say that as a fairly large USR/3com customer, but two or three ports shy of IBM and Compuserve.

I've just finished some RADIUS server patches which implement per-user anti-spoofing filter creation on USR Total Control NETservers (and probably USR/3com HiPer ARCs, but I haven't tested with ours yet). I hope to have them working for Ascend Maxen within the next couple of weeks. Livingston doesn't seem to have the RADIUS support for specifying dynamic per-user filters (not just filter-ids), though I haven't investigated their ChoiceNet product thoroughly enough to know for sure. It certainly seems that it would need dynamic filter creation.

Unfortunately, our RADIUS server has mutated to such an extent that our changes won't apply to any of the source-available RADIUS servers. We don't even use attribute/value users files anymore. All our user information is stored in a more abstract intermediate format. I want to port the filter code to the most popular versions (Livingston 1.16, Merit, Ascend), but I don't have much free time. If anybody's interested in using these filters, or especially if you're interested in helping to port them to other servers, please let me know.

I plan to deploy anti-spoofing filters throughout our access network before the end of September. Is anybody else running or planning to implement similar filters?

regards,
-- Robert
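The per-user filter creation described in the message, as an added example that is not part of the original post and is not the RADIUS patches it mentions: it derives the source prefixes a dial-up port may use from the standard RADIUS attributes `Framed-IP-Address`, `Framed-IP-Netmask` and `Framed-Route`, and handles the case where the address is chosen at the NAS. The dict input, the rule format and the function names are assumptions; no vendor's filter attribute is modelled.

```python
import ipaddress

# Special Framed-IP-Address values from the RADIUS spec (RFC 2865):
# the server does not fix the address, the user or the NAS picks it.
USER_SELECTS = ipaddress.ip_address("255.255.255.255")
NAS_SELECTS = ipaddress.ip_address("255.255.255.254")


def allowed_sources(accept):
    """Prefixes a port may use as source addresses, taken from the
    attributes of an Access-Accept (modelled here as a plain dict)."""
    addr = ipaddress.ip_address(accept["Framed-IP-Address"])
    if addr in (USER_SELECTS, NAS_SELECTS):
        # The server cannot name the address, so it cannot build the filter;
        # the NAS would have to filter on whatever it assigns from its pool.
        raise ValueError("address chosen at the NAS, no static filter possible")
    mask = accept.get("Framed-IP-Netmask", "255.255.255.255")
    nets = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)]
    # Framed-Route text is "prefix/len gateway metric"; networks routed to the
    # user are valid sources too. Assumes the prefix length is given explicitly.
    for route in accept.get("Framed-Route", []):
        nets.append(ipaddress.ip_network(route.split()[0], strict=False))
    return nets


def build_filter(accept):
    """Hypothetical vendor-neutral rules: permit listed sources, deny the rest."""
    rules = [("permit", net) for net in allowed_sources(accept)]
    rules.append(("deny", ipaddress.ip_network("0.0.0.0/0")))
    return rules


def check(rules, src):
    """First-match evaluation of an inbound packet's source address."""
    ip = ipaddress.ip_address(src)
    for action, net in rules:
        if ip in net:
            return action
    return "deny"


# Constructed sample Access-Accept values (documentation address ranges)
SAMPLE_ACCEPT = {
    "Framed-IP-Address": "192.0.2.17",
    "Framed-IP-Netmask": "255.255.255.255",
    "Framed-Route": ["198.51.100.0/28 192.0.2.17 1"],
}
```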