Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Automatic antispoofing rules on access servers.

From: Ryan Permeh <Ryan () EEYE COM>
Date: Tue, 19 Sep 2000 10:41:59 -0700
although this is a neat idea, placing antispoofing rules on your border
acheives thew same level of protection at a much lower administrative cost.
i used to work at an isp, and puting together possibly thousands
antispoofing rules by hand in an understaffed, undertechnical environment is
a hard thing to do.  Especcially in the isp aquisition climate where your
netblocks may not be the same for a while.  If we got people to shut off
broadcasts(at least icmp, if not all) and spoofing at the borders it would
help a whole lot.

PS: this doesn't just apply to isp's.  there are schools and buisnesses that
are just as guilty (and sometimes have just as big networks).
Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com
----- Original Message -----
From: "Lincoln Yeoh" <lyeoh () POP JARING MY>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, September 18, 2000 7:50 PM
Subject: Automatic antispoofing rules on access servers.



I believe antispoofing filters won't really use up much CPU. So probably
one of the main reasons ISPs don't use them at their access servers is the
administrative cost in maintaining the rules.

However I recently noticed that Cisco has a feature which seems to make
this simpler to do.



http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121

t/121t2/rpf_plus.htm

Do other major router/access server manufacturers have similar features?

If such features were more widely used, smurfing and spoofing stuff would
be a lot more difficult than it is now.

Are there any problems which would discourage use by ISPs?

Cheerio,
Link.
Previous By Date Next
Previous By Thread Next

Current thread: