mailing list archives
Re: Network Operators and smurf
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Fri, 24 Apr 1998 18:55:53 -0400
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
Dean, but I'd be happy to be proven wrong.
There isn't a simple knob, but then it isn't simple to know what a forgery
is. You to have tell the router. The router doesn't know what you and
other people "own", but you can tell it. I'd say there isn't a way to make
a simple on/off knob for that, because there isn't any way to tell who you
will transit for and who you won't.
Or, another perhaps better way is to only accept packets from your customer
networks which are sourced from those networks. Each customer interface
then has an inbound filter the blocks everything not sourced from your
That was the idea. I was, as noted, mostly talking about router
interfaces with only one network (block) behind it. I gather a large
part of it comes from dialups, where the remote network is a /32.
in any event, I'm not sure I made the query explicit enough, from a
couple of replies I got: the knob I'm specifically interested in says
"don't forward packets with source addresses that can't be routed back
out this port".
Jay R. Ashworth jra () baylink com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby,
Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com