nanog mailing list archives

Re: Network Operators and smurf
From: Havard.Eidnes () runit sintef no
Date: Sat, 25 Apr 1998 19:37:36 +0200

> Wait; all traffic is coming in one interface. The CEF thing
> will have no effect if the spoofed source address is a real
> network.

"The CEF thing" configuration from my first message in this
thread does the following:

For each packet entering an interface with "ip verify unicast
reverse-path" turned on, the router will look up the source
address from the IP packet in the CEF table and find the
interface (or set of interfaces) it would use to route back to
the source.  If the incoming interface for the actual packet is
not among those returned by the "reverse-path" lookup, the packet
is dropped on the floor.

From my point of view this is exactly the sort of functionality
which is needed to prevent us from being the host (originator) of
a Smurf attack (or more generally from attacks involving IP
address spoofing), as in the case of a Smurf attack packets with
the victim's source address entering from the wrong interface
will be dropped on the floor.

If you still think this doesn't help or isn't useful, I propose
that we take it to private e-mail (?).


- Håvard
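As an added illustration (not part of Håvard's message nor any vendor code), here is a small Python model of the strict reverse-path check the post describes: a constructed CEF-style table, a longest-prefix lookup of the packet's source address, and a drop when the ingress interface is not among the interfaces returned. Interface names and prefixes are constructed; the sample also includes the case from the quoted objection, where a spoofed source that happens to route back out the ingress interface is not caught.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed CEF/FIB table: destination prefix -> interfaces the router would
# use to reach it (a set, since equal-cost paths may exist). All values are
# illustrative assumptions, not taken from the original post.
FIB: Dict[ipaddress.IPv4Network, Set[str]] = {
    ipaddress.ip_network("0.0.0.0/0"): {"Serial0"},                       # default route to upstream
    ipaddress.ip_network("192.0.2.0/24"): {"Ethernet0"},                  # a customer LAN
    ipaddress.ip_network("198.51.100.0/24"): {"Ethernet1", "Ethernet2"},  # multihomed customer
}

Packet = Tuple[str, str, str]  # (ingress interface, source address, destination address)

def reverse_path_interfaces(source: str) -> Set[str]:
    """Longest-prefix lookup of the *source* address in the FIB; returns the
    interface(s) the router would use to route back towards that source."""
    addr = ipaddress.ip_address(source)
    best: Optional[ipaddress.IPv4Network] = None
    for prefix in FIB:
        if addr in prefix and (best is None or prefix.prefixlen > best.prefixlen):
            best = prefix
    return FIB[best] if best is not None else set()

def verify_unicast_reverse_path(ingress: str, source: str) -> bool:
    """Strict check as described in the post: accept only if the interface the
    packet arrived on is among those the reverse-path lookup returns."""
    return ingress in reverse_path_interfaces(source)

def filter_packets(packets: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Apply the check to each packet; return (accepted, dropped)."""
    accepted: List[Packet] = []
    dropped: List[Packet] = []
    for pkt in packets:
        ingress, src, _dst = pkt
        (accepted if verify_unicast_reverse_path(ingress, src) else dropped).append(pkt)
    return accepted, dropped

# Constructed sample traffic arriving at the router.
SAMPLE: List[Packet] = [
    ("Ethernet0", "192.0.2.10", "203.0.113.255"),    # genuine customer source: accepted
    ("Ethernet0", "198.51.100.7", "203.0.113.255"),  # spoofed; routes back via Ethernet1/2: dropped
    ("Ethernet0", "203.0.113.5", "192.0.2.255"),     # spoofed; routes back via Serial0: dropped
    ("Ethernet2", "198.51.100.7", "203.0.113.255"),  # multihomed customer on a valid path: accepted
    ("Serial0", "203.0.113.5", "192.0.2.255"),       # from upstream: any source matches the
                                                     # default route, so the check cannot catch it
]

if __name__ == "__main__":
    for pkt in filter_packets(SAMPLE)[1]:
        print("drop", pkt)
```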

