nanog mailing list archives
Re: routing invalid IP addresses
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Sat, 21 Feb 2004 08:16:12 -0500
On Sat, Feb 21, 2004 at 07:47:46AM -0500, Geo. wrote:
We had an attack here last night and the attack traffic was coming from an IP address of x.x.255.x which isn't a valid IP address yet the traffic was being routed over the internet (as far as I can tell anyway). When I attempted to track down the source I found our cisco routers wouldn't accept the address as valid so it was not possible to null route or trace the traffic.
*GASP* Traffic with an invalid IP address being routed over the Internet? Dear god NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO! Please say it isn't so. Oh the humanity. Actually, it is a perfectly valid IP address. You just need to turn on ip subnet-zero. http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18.shtml That means nothing however, as there is traffic with invalid source addresses routed over the Internet all the time. Routing has nothing to do with source IP, and everything to do with dest IP. If you want to filter it, use an acl.
Has anyone else ever seen this before? Clue me in?
I don't think an ordinary clue stick will do... Hrm perhaps a stick of clue dynamite is in order. -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Current thread:
- Re: Verizon clients DOS own site?, (continued)
- Re: Verizon clients DOS own site? William Warren (Feb 20)
- routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Bill Woodcock (Feb 21)
- Re: routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Christopher X. Candreva (Feb 21)
- RE: routing invalid IP addresses Geo. (Feb 21)
- Re: routing invalid IP addresses Brian Knoblauch (Feb 21)
- Re: routing invalid IP addresses Geo. (Feb 21)
- Re: Verizon clients DOS own site? William Warren (Feb 20)
- Re: routing invalid IP addresses Stephen J. Wilcox (Feb 21)
- Re: routing invalid IP addresses bill (Feb 21)
- Re: routing invalid IP addresses Richard A Steenbergen (Feb 21)
- Re: routing invalid IP addresses Laurence F. Sheldon, Jr. (Feb 21)
- Re: routing invalid IP addresses Mikael Abrahamsson (Feb 21)
- Re: routing invalid IP addresses Laurence F. Sheldon, Jr. (Feb 21)