nanog mailing list archives
Re: NSPs and filters (fwd)
From: Barney Wolff <barney () databus com>
Date: Mon, 14 Jul 1997 14:20 EDT
Date: Mon, 14 Jul 1997 12:29:32 -0400
From: Daniel Senie <dts () proteon com>

And it goes beyond that... Every PC running Windows (or any other OS, for that matter) has complete ability to do anything with IP. So, any user on a dialup line into any ISP is a possible source of attacks. This is why I think the RAS servers need to be able to filter right at the point of the dialup. There, the comparison is a simple compare of a 32 bit integer (IP address assigned to the dialup user, compared to the IP address of packets received from the user). Any discrepancies should set off alarm bells...

Some ISPs, including the very large one for which I wrote the PPP code, already do this. Source address assurance is the mirror image of destination-based routing. That's not to say that routing is always symmetrical, but the problem is no harder, and can be made no slower.

Barney Wolff <barney () databus com>
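
The per-session source address check discussed in this message, as an added example (not part of the original post, and not the PPP code the author mentions). The struct, the function names and the 192.0.2.10 / 198.51.100.7 sample addresses are constructed for illustration; the sketch assumes each dial-up session holds exactly one assigned IPv4 address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PKT_FORWARD, PKT_DROP_SPOOFED, PKT_DROP_MALFORMED };
/* Hypothetical per-dial-up-session state kept by the access server. */
struct session {
    uint32_t assigned;        /* address assigned to the user, host byte order */
    unsigned long spoofed;    /* source mismatches: the counter to alarm on */
    unsigned long malformed;  /* packets too short or not IPv4 */
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Check one packet received from the user before it is routed. */
enum verdict check_source(struct session *s, const uint8_t *pkt, size_t len)
{
    size_t ihl = len ? (size_t)(pkt[0] & 0x0f) * 4 : 0;  /* header length in bytes */
    if (len < 20 || (pkt[0] >> 4) != 4 || ihl < 20 || ihl > len) {
        s->malformed++;
        return PKT_DROP_MALFORMED;
    }
    uint32_t src = IP4(pkt[12], pkt[13], pkt[14], pkt[15]);  /* source field, offset 12 */
    if (src != s->assigned) {          /* the single 32-bit compare */
        s->spoofed++;
        return PKT_DROP_SPOOFED;
    }
    return PKT_FORWARD;
}

/* Constructed sample input: a minimal 20-byte IPv4 header with the given source. */
void make_header(uint8_t hdr[20], uint32_t src)
{
    memset(hdr, 0, 20);
    hdr[0] = 0x45; hdr[3] = 20;        /* version 4, IHL 5 words, total length 20 */
    hdr[12] = (uint8_t)(src >> 24); hdr[13] = (uint8_t)(src >> 16);
    hdr[14] = (uint8_t)(src >> 8);  hdr[15] = (uint8_t)src;
}

int main(void)
{
    struct session s = { IP4(192, 0, 2, 10), 0, 0 };
    uint8_t ok[20], bad[20];
    make_header(ok, s.assigned); make_header(bad, IP4(198, 51, 100, 7));
    int a = check_source(&s, ok, 20), b = check_source(&s, bad, 20), c = check_source(&s, ok, 8);
    printf("match=%d mismatch=%d short=%d spoofed=%lu\n", a, b, c, s.spoofed);
    return 0;
}
```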