mailing list archives
Re: Network Operators and smurf
From: Phil Howard <phil () charon ipal net>
Date: Sat, 25 Apr 1998 21:48:32 -0500 (CDT)
Wait; all traffic is coming in one interface. The CEF thing will have no
effect if the spoofed source address is a real network.
However, if it is a completely bogus source address (220.127.116.11 or somesuch),
then yes, it does make it a bit easier to filter.
If the spoofer is dialed up to YOUR network, and spoofs the address of
someone else out on the net, then YOUR router should find that the source
interface is not in the list of routes for that address, and discard it.
If the spoofer is attacking YOU, then that means the network the spoofer
is attached to is NOT blocking him by this method, but SHOULD.
Phil Howard | no1way89 () dumbads5 net stop2599 () anywhere edu ads0suck () no0place edu
phil | die8spam () no1place net no4way60 () no4place edu end8it63 () nowhere7 org
at | stop2015 () no9where edu no25ads9 () no49ads6 net end9ads6 () dumb4ads net
milepost | end0ads3 () s5p0a0m8 org crash061 () anyplace net stop5278 () anywhere net
dot | no29ads0 () anyplace net stop3305 () dumb7ads net blow8me2 () lame2ads com
com | die2spam () no9where net stop3it9 () anyplace org stop9ads () no6place org
Re: Network Operators and smurf Jason Lixfeld (Apr 25)
RE: Network Operators and smurf Martin, Christian (Apr 26)