[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: Smurfing
From:       Bradley Reynolds <brad () baz ! org>
Date:       1998-02-17 22:39:39
[Download RAW message or body]

> See RFC2267.
> 
> - paul
> 
> 
> > Good news.
> > 
> > One more question (just is there is someone from the CISCO) - what's 
> > about source-address filtering at default for the access servers/routers? 
> > Note all this problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can 
> > be 100% blocked if ISP would not allow it's customers to send IP packets 
> > with the wrong SRC address. If not, they (hackers) should found new, new 
> > and new tricks to fraud any IP network.
> > 
> 
You can apply the RPF idiom from multicast to block unicast
flooding.  This would instantly solve the problem, though I am 
not sure what overhead the path evaluation would incur.

BR

brad@iagnet.net

[prev in list] [next in list] [prev in thread] [next in thread]