nanog mailing list archives
Re: Network Operators and smurf
From: Karl Denninger <karl () mcs net>
Date: Fri, 24 Apr 1998 17:59:29 -0500
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
> At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote:
> > It's been my understanding that the knobs are in fact _not_ there, Dean,
> > but I'd be happy to be proven wrong.
>
> There isn't a simple knob, but then it isn't simple to know what a forgery
> is. You have to tell the router. The router doesn't know what you and other
> people "own", but you can tell it. I'd say there isn't a way to make a
> simple on/off knob for that, because there isn't any way to tell who you
> will transit for and who you won't.
>
> On your outbound interface(s):
>
> access-list 101 permit ip <yournet-1> any out
> access-list 101 permit ip <yournet-2> any out
> ...
> access-list 101 deny ip any any out
>
> This allows only packets sourced from your networks to be sent.
>
> Or, another perhaps better way is to only accept packets from your customer
> networks which are sourced from those networks. Each customer interface
> then has an inbound filter that blocks everything not sourced from your
> customer's network.
>
> --Dean

Well, there is a simple knob for this:

If the Knob is turned "ON", then any packet from a source address which is not routed to the interface it came in on is dropped.

This works for static, dynamic, and all other kinds of routing. It will solve the problem and is trivial to implement - if any of the vendors care.

--
--
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly / All Lines K56Flex/DOV
| NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
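
The check described in the reply above, as an added example that is not part of the original message or any vendor's implementation: a packet is accepted only when the longest-prefix route back to its source address points out the interface it arrived on. The routing table, interface names and packets are constructed for illustration and use documentation prefixes.

```python
import ipaddress

# Constructed routing table: (prefix, interface the prefix is routed to).
ROUTES = [
    ("0.0.0.0/0", "upstream0"),        # default route to the transit provider
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("198.51.100.128/25", "cust3"),    # more specific than cust2's /24
]

def build_table(routes):
    """Parse (prefix, interface) pairs into network objects."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def lookup(table, addr):
    """Longest-prefix match: interface the address is routed to, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, ifc in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def rpf_accept(table, src, in_iface):
    """The 'knob': drop unless the source is routed to the arrival interface."""
    return lookup(table, src) == in_iface

def filter_packets(table, packets):
    """Return (source, arrival interface, accepted) for each packet."""
    return [(src, ifc, rpf_accept(table, src, ifc)) for src, ifc in packets]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("192.0.2.10", "cust1"),          # customer using its own address
    ("203.0.113.5", "cust1"),         # forged source, routed via upstream0
    ("198.51.100.200", "cust2"),      # address belongs to cust3's /25
    ("198.51.100.200", "cust3"),
    ("192.0.2.10", "upstream0"),      # customer address arriving from outside
]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for src, ifc, ok in filter_packets(table, PACKETS):
        print(f"{src:16} in {ifc:10} {'accept' if ok else 'drop'}")
```

Because the decision is read from the routing table, a route that moves to another interface moves the filter with it, with no per-customer access list to maintain.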