
nanog mailing list archives

Re: Network Operators and smurf
From: Phil Howard <phil () charon ipal net>
Date: Sat, 25 Apr 1998 21:48:32 -0500 (CDT)

Wait; all traffic is coming in one interface. The CEF thing will have no
effect if the spoofed source address is a real network.

However, if it is a completely bogus source address (1.2.3.4 or somesuch),
then yes, it does make it a bit easier to filter.

If the spoofer is dialed up to YOUR network, and spoofs the address of
someone else out on the net, then YOUR router should find that the source
interface is not in the list of routes for that address, and discard it.

If the spoofer is attacking YOU, then that means the network the spoofer
is attached to is NOT blocking him by this method, but SHOULD.

-- 
Phil Howard | no1way89 () dumbads5 net stop2599 () anywhere edu ads0suck () no0place edu
  phil      | die8spam () no1place net no4way60 () no4place edu end8it63 () nowhere7 org
    at      | stop2015 () no9where edu no25ads9 () no49ads6 net end9ads6 () dumb4ads net
  milepost  | end0ads3 () s5p0a0m8 org crash061 () anyplace net stop5278 () anywhere net
    dot     | no29ads0 () anyplace net stop3305 () dumb7ads net blow8me2 () lame2ads com
  com       | die2spam () no9where net stop3it9 () anyplace org stop9ads () no6place org
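
The three cases in the message above, modelled as a strict reverse-path check (added example, not part of the original post). The routing tables, interface names and documentation prefixes are constructed, and the victim's router is assumed to carry no default route.

```python
import ipaddress

def build_fib(routes):
    """Turn (prefix, interface) pairs into (network, interface) pairs."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def reverse_path_interfaces(fib, src):
    """Interfaces of the longest-prefix routes back to src; empty if no route."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, ifc) for net, ifc in fib if addr in net]
    if not matches:
        return set()
    best = max(plen for plen, _ in matches)
    return {ifc for plen, ifc in matches if plen == best}

def rpf_accept(fib, src, in_ifc):
    """Strict check: accept only if the arrival interface is in the list of
    routes for the source address, otherwise discard."""
    return in_ifc in reverse_path_interfaces(fib, src)

# Constructed table: the attacked site's router, single upstream, no default
# route (assumption), so every real network is reached through upstream0.
VICTIM_FIB = build_fib([
    ("192.0.2.0/24", "lan0"),
    ("198.51.100.0/24", "upstream0"),
    ("203.0.113.0/24", "upstream0"),
])

# Constructed table: the access router the spoofer is dialed up to.
ACCESS_FIB = build_fib([
    ("203.0.113.7/32", "dialup7"),   # address assigned to the dial-up caller
    ("0.0.0.0/0", "upstream0"),
])

def classify():
    """Accept/discard decision for each case described in the message."""
    return {
        # Spoofed source is a real network, arriving on the only upstream.
        "victim_real_network": rpf_accept(VICTIM_FIB, "198.51.100.9", "upstream0"),
        # Completely bogus source with no route back.
        "victim_bogus": rpf_accept(VICTIM_FIB, "1.2.3.4", "upstream0"),
        # Dial-up caller spoofing someone else's address.
        "access_spoofed": rpf_accept(ACCESS_FIB, "198.51.100.9", "dialup7"),
        # Same caller using the address actually assigned to the line.
        "access_legitimate": rpf_accept(ACCESS_FIB, "203.0.113.7", "dialup7"),
    }

if __name__ == "__main__":
    for case, accepted in classify().items():
        print(f"{case:22s} {'accept' if accepted else 'discard'}")
```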

