nanog mailing list archives
Re: Network Operators and smurf
From: Phil Howard <phil () charon ipal net>
Date: Fri, 24 Apr 1998 18:55:56 -0500 (CDT)
Dean Anderson writes...
There isn't a simple knob, but then it isn't simple to know what a forgery is. You have to tell the router. The router doesn't know what you and other people "own", but you can tell it. I'd say there isn't a way to make a simple on/off knob for that, because there isn't any way to tell who you will transit for and who you won't.
[access list example not included]

It could be a simple knob, and I believe it is simple to know what a forgery is. If the source address, when treated as a destination and used to look up the routing entries (all of them), indicates a return path scope that includes the actual interface or interface:gateway that the packet did arrive from, then it is most likely not a forgery, whereas if the arrival interface or interface:gateway is not in the list, it most likely is a forgery.

While this might break some extreme cases of asymmetric routing, it does appear to me to be sufficiently able to filter enough source forgeries as to seriously discourage the practice.

Unlike access lists, this would be very easy to configure. Unlike access lists, it could default to enabled, which I think it should be. Its costs in CPU time (mostly the route lookup) could be made up for to some degree by not having to have so many access list entries to accomplish the same effect. And you won't have to go update all your configurations when a new network block is acquired, or a customer comes online with portable address space or dual-homes (a serious situation for backbone providers).

--
Phil Howard
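The reverse-path check described in the message above, sketched as an added example; it is not part of the original post and not any router vendor's implementation. The routing table, interface names and addresses are constructed, and "all of them" is assumed to mean every table entry that covers the source address, including the default route.

```python
import ipaddress

# Constructed routing table: (prefix, interface, gateway). All values are
# illustrative assumptions; addresses come from documentation ranges.
RIB = [
    ("192.0.2.0/24",    "serial0", None),        # single-homed customer A
    ("198.51.100.0/24", "serial1", None),        # customer B, primary link
    ("198.51.100.0/24", "ether0",  "10.0.0.2"),  # customer B, second path via a gateway
    ("0.0.0.0/0",       "hssi0",   None),        # default route toward the upstream
]

def return_paths(rib, src):
    """Treat the source as a destination and collect every
    (interface, gateway) pair that some routing entry would use to reach it."""
    addr = ipaddress.ip_address(src)
    return {(ifc, gw) for pfx, ifc, gw in rib
            if addr in ipaddress.ip_network(pfx)}

def accept(rib, src, in_iface, in_gw=None):
    """True if the arrival interface (or interface:gateway, when the
    previous hop is known) lies within the source's return-path scope."""
    paths = return_paths(rib, src)
    if in_gw is None:
        return any(ifc == in_iface for ifc, _ in paths)
    return (in_iface, in_gw) in paths

if __name__ == "__main__":
    cases = [
        ("192.0.2.10",   "serial0", None),        # customer A, own address
        ("203.0.113.7",  "serial0", None),        # customer A, forged source
        ("203.0.113.7",  "hssi0",   None),        # same source from upstream
        ("198.51.100.9", "ether0",  "10.0.0.2"),  # customer B via second path
        ("198.51.100.9", "ether0",  "10.0.0.9"),  # right interface, wrong gateway
        ("198.51.100.9", "serial2", None),        # asymmetric path with no route back
    ]
    for src, ifc, gw in cases:
        verdict = "accept" if accept(RIB, src, ifc, gw) else "drop"
        print(f"{src:15} on {ifc}{':' + gw if gw else '':10} -> {verdict}")
```

The last case is the asymmetric-routing breakage the message anticipates: a legitimate packet is dropped because no routing entry points back through the interface it arrived on.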