Re: Actions to quiet the Smurf amplifiers?

[Danny McPherson <danny () tcb net>]

ingress filtering .. that's a novel idea :-)  

-danny

Phil Howard wrote:
> The method involves a software design change in the routers.  For each
> arriving packet, in addition to doing a routing lookup based on the
> destination, also do a routing lookup based on the source address.
> If the interface the packet arrived on is NOT in the list of addresses
> that routing back to the source suggests, then discard the packet.
> That will drop the majority of packets before they even read smurf
> amplifiers, as they are generally forge-sourced to the ultimate target
> of the attack.  The first router hop with this implemented where the
> source address is invalid will stop the attack.  The core backbone
> probably does not need to have this enabled, but all the leafs from it
> should to ensure no forged sources can get through.