nanog mailing list archives

Re: Broadcast pings.


From: Dean Anderson <dean () av8 com>
Date: Tue, 23 Dec 1997 21:21:37 -0500

At 6:32 PM -0500 12/23/97, Phil Howard wrote:
> When a packet arrives, take note of the interface and gateway it came from.
> Check the route tables for where a reply to this packet could be delivered.
> Don't choose only the best route, but compare where the packet came from
> with all valid reply routes (except broad defaults larger than a certain
> size that can be configured).  If the packet came from where it is valid
> to reply, then allow the packet to proceed.  If not, then discard it (an
> ICMP probably won't make it back to the right place anyway).

Actually, you want to check that it is reasonable for a packet with a
particular source address to arrive on a particular interface.

Packets from customers should only come from customer source addresses.
(input filter on the customer link)

Packets from you should only come from your IP space, or that which you
transit for others. (transmit filter at your borders)

All bad packets come from somewhere.  All you can do is make sure they
can't come from your customers.  You can also try not to send them on to
others.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
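
The two checks discussed in this message, as an added example that is not part of the original post: the reverse-path test from the quoted text (any valid reply route, not only the best one, with overly broad routes excluded) and the per-link customer source filter. The routing table, interface names, prefixes (documentation address space) and the `min_prefix_len` parameter are all constructed assumptions.

```python
import ipaddress

# Constructed routing table: (prefix, interface). Illustrative values only.
ROUTES = [
    ("0.0.0.0/0", "upstream0"),
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("198.51.100.0/25", "cust1"),  # more specific: best route for .0-.127
    ("203.0.113.0/24", "upstream0"),
]
# Constructed input filter: source prefixes each customer link may send from.
CUSTOMER_SOURCES = {
    "cust1": ["192.0.2.0/24", "198.51.100.0/25"],
    "cust2": ["198.51.100.0/24"],
}


def reply_interfaces(src, routes=ROUTES, min_prefix_len=8):
    """Interfaces of every route covering src, skipping routes broader
    than min_prefix_len (the configurable 'broad defaults' exclusion)."""
    addr = ipaddress.ip_address(src)
    found = set()
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen >= min_prefix_len and addr in net:
            found.add(ifname)
    return found


def reverse_path_ok(src, in_if, **kw):
    """Accept if the packet arrived on an interface that any valid
    reply route (not just the best one) would use."""
    return in_if in reply_interfaces(src, **kw)


def customer_ingress_ok(src, in_if, allowed=CUSTOMER_SOURCES):
    """Input filter on a customer link: accept only that customer's
    source addresses. Interfaces with no entry accept nothing here."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in allowed.get(in_if, []))
```

With `min_prefix_len=0` the default route makes every source acceptable on `upstream0`, which is why the quoted text excludes broad routes from the comparison.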



