nanog mailing list archives
Re: Network Operators and smurf
From: Havard.Eidnes () runit sintef no
Date: Sat, 25 Apr 1998 18:19:26 +0200
2. Routers/Gateways should be configured to drop all packets with invalid source addresses.

The problem is us. This isn't a research network run and maintained by the knowledgeable. This is a business. We're selling a product, and if we expect it to operate as advertised, it's up to us to educate those we sell it to.

The problem isn't us. It's Cisco, and Bay, and Ascend, and... everyone who won't put an anti-forging filter on their border routers so we _can_ turn it on. The first time someone co-sues Cisco, it'll get fixed within 30 days.
Current recipe for anti-forging with Cisco hardware:

 o Pick up CEF code (11.1(17)CC, which doesn't yet (?) exist for all Cisco platforms, unfortunately)

 o Configure:

   !
   ip cef switch
   ! or "ip cef distributed switch" for an RSP+VIP2 based box
   !
   interface whatever
    ip verify unicast reverse-path
   !

This should (naturally) be implemented where routing is symmetric and where a "reverse-path check" (looking up the source address in the routing table to find the "expected" incoming interface and checking whether the packet did indeed enter through that interface) makes sense. If you have Ascend/Livingston or other dial-up equipment this check should probably be implemented in the closest up-stream router which has this capability, and definitely not in a router which could take part in asymmetric traffic patterns.

- Håvard
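Added example, not part of the original message and not Cisco's implementation: a small Python model of the strict reverse-path check described above, showing a forged source being dropped at the customer edge and a legitimate packet being dropped when routing is asymmetric. The routing table, interface names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, interface the router would use to reach it).
ROUTES = [
    ("0.0.0.0/0", "Serial0"),         # default route toward the upstream
    ("192.0.2.0/24", "Ethernet0"),    # single-homed customer LAN
    ("198.51.100.0/24", "Serial1"),   # multihomed customer, best path via Serial1
]

# Constructed packets: (source address, arrival interface, description).
PACKETS = [
    ("192.0.2.10", "Ethernet0", "customer host using its own address"),
    ("203.0.113.7", "Ethernet0", "customer host forging an outside address"),
    ("203.0.113.7", "Serial0", "outside host arriving from the upstream"),
    ("198.51.100.5", "Serial2", "multihomed customer sending via its other link"),
]

def build_fib(routes):
    """Parse the prefixes once so lookups compare network objects."""
    return [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]

def lookup(fib, addr):
    """Longest-prefix match: return the interface of the most specific route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, ifc in fib:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def rpf_accept(fib, src, in_ifc):
    """Strict reverse-path check: the route back to the source address must
    point out of the interface the packet arrived on."""
    return lookup(fib, src) == in_ifc

def classify(fib, packets):
    """Return (source, arrival interface, verdict) for each packet."""
    return [(src, ifc, "forward" if rpf_accept(fib, src, ifc) else "drop")
            for src, ifc, _ in packets]

if __name__ == "__main__":
    fib = build_fib(ROUTES)
    for (src, ifc, verdict), (_, _, note) in zip(classify(fib, PACKETS), PACKETS):
        print(f"{verdict:8} src={src:15} in={ifc:10} {note}")
```

The last packet is legitimate but dropped, because the route back to its source points at a different interface than the one it arrived on; that is the asymmetric case the message says to keep this check away from.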