Re: Router modifications to deal with smurf

[John Hawkinson <jhawk () bbnplanet com>]

>         We requests that your routers be configurable, at the interface
> level, to prevent the forwarding of an ICMP echo-request packet through an
> interface that has a broadcast or wire address that matches the
> destination address of that packet.

Modifications that cause the forwarding path to behave differently
for some type of packets are *bad*. ICMP echo-requests should be treated
identically to other sorts of packets.

If you s/an ICMP echo-request/an IP/, then you have the same
as "no ip directed-broadcast". Your wording is sufficiently vague such that
I can't tell if that's what you meant or not. I don't know if you're
trying to avoid being cisco-specific, or if you're being vague for some
other reason.

> We also request that the default configurations of your routers be
> modified to prevent said forwarding.

I don't have a problem with this.

>         We request that your routers be configurable, both globally and
> and the interface level, with the interface configuration overiding the
> global configuration, to prevent the forwarding of an IP packet with a
> source network address different from the network address of the interface
> on which it was received.  We also request that the default configurations
> of your routers be modified to prevent, globally, said forwarding. 

I'd be concerned that having this as a default is not necessarily
the right thing in sufficiently large numbers of situations as to
make this a bad idea.

--jhawk