Re: Network Operators and smurf

[Phil Howard <phil () charon ipal net>]

Havard.Eidnes () runit sintef no writes...

> It would prevent simple spoofing, yes, but that would not
> eliminate the Smurf attacks since to mount a Smurf attack you
> need to use the victim's address as your source address, and that
> one *is* typically "valid" according to the criteria you mention
> above (?).

But the first router the spoofer hits would NOT likely point the spoofed
address back to the spoofer.  At that router this would stop the spoof.
This is why the feature needs to be shipped on all routers and enabled
by default.

-- 
Phil Howard | no1way99 () no5place edu ads3suck () no8where edu stop5it0 () dumbads2 edu
  phil      | blow0me8 () dumb6ads org ads4suck () noplace3 org stop3ads () noplace0 net
    at      | die1spam () lame8ads com end4it12 () anyplace net stop9597 () spammer8 net
  milepost  | stop5ads () no0place org end7it69 () anyplace edu a8b3c9d6 () dumbads2 com
    dot     | die4spam () lame1ads net stop6it2 () no6where com suck3it1 () spam2mer org
  com       | stop9915 () spam6mer net stop1it8 () nowhere2 org stop0ads () anywhere net