nanog mailing list archives
Re: Network Operators and smurf
From: Havard.Eidnes () runit sintef no
Date: Sat, 25 Apr 1998 18:35:22 +0200
>> This should (naturally) be implemented where routing is symmetric and where a "reverse-path check" (looking up the source address in the routing table to find the "expected" incoming interface and checking whether the packet did indeed enter through that interface)

> The big question is, what do you do if most of your traffic _is_ asymmetrical?

Well, in that case you can't apply this method. It may however make sense to think of reengineering the network so that those boxes which can't do this check sit "behind" such an RPF-checking box.

> I mean, a more basic check could be, "Does the network that this packet was sourced from exist *at all*?", or "Do I have a route back to the source network through *any* interface?" That would cut down on a good amount of spoofing, like the idiots who spoof from 1.1.1.1 etc.

It would prevent simple spoofing, yes, but that would not eliminate the Smurf attacks since to mount a Smurf attack you need to use the victim's address as your source address, and that one *is* typically "valid" according to the criteria you mention above (?).

- Håvard
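
The two checks compared in this message, as an added example that is not part of the original post: a strict reverse-path check and the "route back through any interface" check, run over a constructed routing table. The prefixes, interface names, and sample packets are assumptions made for illustration, and the router is assumed to carry no default route.

```python
import ipaddress

# Constructed routing table for a hypothetical default-free border router.
# Prefixes are documentation ranges; interface names are made up.
ROUTES = [
    ("192.0.2.0/24", "cust0"),     # customer network
    ("198.51.100.0/24", "peer0"),  # network containing the victim's address
]

def expected_iface(src):
    """Longest-prefix match on the source; None if no route back exists."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in ROUTES
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def strict_rpf(src, in_iface):
    """Reverse-path check: packet must arrive on the interface the route points to."""
    return expected_iface(src) == in_iface

def loose_rpf(src):
    """The 'more basic check': is there a route back through any interface?"""
    return expected_iface(src) is not None

# Constructed packets: (description, source address, arrival interface).
PACKETS = [
    ("customer, own address", "192.0.2.10", "cust0"),
    ("source with no route in this table", "1.1.1.1", "cust0"),
    ("victim's address as source, from customer port", "198.51.100.7", "cust0"),
    ("real victim-network traffic, asymmetric path", "198.51.100.7", "peer1"),
]

def evaluate():
    """Return (description, strict_result, loose_result) per packet."""
    return [(d, strict_rpf(s, i), loose_rpf(s)) for d, s, i in PACKETS]

if __name__ == "__main__":
    for desc, strict, loose in evaluate():
        print(f"{desc:48} strict={'pass' if strict else 'drop':4} "
              f"loose={'pass' if loose else 'drop'}")
```

The last two rows carry the thread's argument: the strict check drops the packet that borrows the victim's address but also drops legitimate traffic arriving over an asymmetric path, while the any-interface check passes both.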