Home page logo

nanog logo nanog mailing list archives

Re: NSPs and filters (fwd)
From: Daniel Senie <dts () proteon com>
Date: Mon, 14 Jul 1997 12:29:32 -0400

Sean M. Doran wrote:

Jon Lewis <jlewis () inorganic5 fdt net> writes:

Unless I'm mistaken, forged UDP requires root access and (at the volume we
received) was likely from a host with T1 or better
connection to the net.

You just described nearly every PeeCee at nearly every
higher educational institution in North America and
northern Europe, and several parts of Asia, too.

And it goes beyond that... Every PC running Windows (or any other OS,
for that matter) has complete ability to do anything with IP. So, any
user on a dialup line into any ISP is a possible source of attacks.

This is why I think the RAS servers need to be able to filter right at
the point of the dialup. There, the comparison is a simple compare of a
32 bit integer (IP address assigned to the dialup user, compared to the
IP address of packets received from the user). Any discrepancies should
set off alarm bells...

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]