Home page logo

nanog logo nanog mailing list archives

Re: Network Operators and smurf
From: "John A. Tamplin" <jat () traveller com>
Date: Fri, 24 Apr 1998 18:06:50 -0500 (CDT)

On Fri, 24 Apr 1998, Karl Denninger wrote:

Well, there is a simple knob for this:

If the Knob is turned "ON", then any packet from a source address which is 
not routed to the interface it came in on is dropped.

This works for static, dynamic, and all other kinds of routing.    It will
solve the problem and is trivial to implement - if any of the vendors care.

It doesn't work for asymmetric routing as you describe it above. If you
modify your criteria to be that there are no valid routes out that
interface, you would only break transient routing conditions, but
depending on how the router stores routes it may not be possible (or
desirable due to memory requirements) to implement. 

John Tamplin                                    Traveller Information Services
jat () Traveller COM                            2104 West Ferry Way
205/883-4233x7007                               Huntsville, AL 35801

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]