nanog mailing list archives
Re: icmp rpf
From: Fernando Gont <fernando () frh utn edu ar>
Date: Mon, 25 Sep 2006 17:35:13 -0300
At 10:06 25/09/2006, Ian Mason wrote:
One of the largest North American network providers filters/drops ICMP messages so that they only pass those with a source IP address that appears in their routing table.This is clearly reasonable as part of an effort to mitigate ICMP based network abuse.
As a matter of fact, most ICMP-based attacks don't require spoofing of the source IP address. You do have to spoof the addresses in the "original datagram" included in the ICMP payload, though.
Kindest regards, -- Fernando Gont e-mail: fernando () gont com ar || fgont () acm org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Current thread:
- Re: New router feature - icmp error source-interface [was: icmp rpf], (continued)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Richard A Steenbergen (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Patrick W. Gilmore (Sep 25)
- Comcast contact Anshuman Kanwar (Sep 25)
- Re: Comcast contact Peter Cohen (Sep 26)
- Re: New router feature - icmp error source-interface [was: icmp rpf] John Curran (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Richard A Steenbergen (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Joseph S D Yao (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Chris L. Morrow (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Daniel Senie (Sep 25)
- Re: New router feature - icmp error source-interface [was: icmp rpf] Payam Tarverdyan Chychi (Sep 25)
- Re: icmp rpf Mark Kent (Sep 25)
- Re: icmp rpf Patrick W. Gilmore (Sep 25)
- Re: icmp rpf Patrick W. Gilmore (Sep 26)
- Re: icmp rpf Jared Mauch (Sep 26)