nanog mailing list archives
Re: Smurfing
From: Tatsuya Kawasaki <tatsuya () giganet net>
Date: Wed, 18 Feb 1998 10:36:32 +0900 (JST)
paul, it sounds a good idea but is it possible? I don't think cisco can filter by wrong SRC address bases. ^^^^^ you still can use still use any ip on the same segment. (Big deal, huh? :-) ) Furthermore, it will cause some problem for Mobile IP stuff, if I remember correctly. regards, tatsuya On Tue, 17 Feb 1998, Bradley Reynolds wrote:
See RFC2267. - paulGood news. One more question (just is there is someone from the CISCO) - what's about source-address filtering at default for the access servers/routers? Note all this problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can be 100% blocked if ISP would not allow it's customers to send IP packets with the wrong SRC address. If not, they (hackers) should found new, new and new tricks to fraud any IP network.You can apply the RPF idiom from multicast to block unicast flooding. This would instantly solve the problem, though I am not sure what overhead the path evaluation would incur. BR brad () iagnet net
Current thread:
- Re: Smurfing, (continued)
- Re: Smurfing Deepak Jain (Feb 13)
- Re: Smurfing Havard . Eidnes (Feb 13)
- Re: Smurfing Randy Bush (Feb 13)
- Message not available
- Re: Smurfing Kelly J. Cooper (Feb 13)
- Re: Smurfing Paul Ferguson (Feb 15)
- Re: Smurfing Randy Bush (Feb 16)
- Message not available
- Re: Smurfing Jay R. Ashworth (Feb 16)
- Re: Smurfing Alex P. Rudnev (Feb 16)
- Re: Smurfing Paul Ferguson (Feb 17)
- Re: Smurfing Bradley Reynolds (Feb 17)
- Re: Smurfing Tatsuya Kawasaki (Feb 17)
- Re: Smurfing Alex P. Rudnev (Feb 18)
- Re: Smurfing Paul Ferguson (Feb 18)
- Re: Smurfing Dean Anderson (Feb 13)
- Re: Smurfing ken emery (Feb 13)
- Re: Smurfing Dean Anderson (Feb 16)
- Message not available
- Re: Smurfing Jay R. Ashworth (Feb 13)
- Re: Smurfing Craig A. Huegen (Feb 13)
- Re: Smurfing David J. Schmidt (Feb 15)
- Re: Smurfing Steve Camas (Feb 15)
- Re: Smurfing Jon Lewis (Feb 15)