Home page logo
/

nanog logo nanog mailing list archives

Router modifications to deal with smurf
From: Rusty Zickefoose <rusty () mci net>
Date: Sat, 25 Apr 1998 17:29:02 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Fun with my mailor, let me try this again.

        So, if someone, or possibly a group of someones, were to make the
following request to the various router vendors, would they be met with
approval by most of the readers? 

        We requests that your routers be configurable, at the interface
level, to prevent the forwarding of an ICMP echo-request packet through an
interface that has a broadcast or wire address that matches the
destination address of that packet.  We also request that the default
configurations of your routers be modified to prevent said forwarding.

        We request that your routers be configurable, both globally and
and the interface level, with the interface configuration overiding the
global configuration, to prevent the forwarding of an IP packet with a
source network address different from the network address of the interface
on which it was received.  We also request that the default configurations
of your routers be modified to prevent, globally, said forwarding. 


- -- 
Rusty Zickefoose  |  The most exciting phrase to hear in science,
rusty () mci net     |  the one that heralds new discoveries, is not
                  |  "Eureka!", but "That's funny ..."
                  |  -- Isaac Asimov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNUJVpe4+ch/bGDylAQH3uAP/ZHRdlufm9gbTUalVC9ax0H/nK7W/4S9r
QLuSEfh9N8nHTbd4wSllB2GorzM46A0XFZCKAmUWzc5wFKL5lfjGbbu6Tfd8UUOF
lxTQJYdda2ikmbLLBr8p+cUnb6BQLsA81Tst2twDc2BCf8GQsjxZvrCwh8sLCACe
q47YHAChVLk=
=htio
-----END PGP SIGNATURE-----



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault