Home page logo

nanog logo nanog mailing list archives

Re: Network Operators and smurf
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Mon, 27 Apr 1998 14:12:50 +0400 (MSD)

Usially the low-end traffic is symmetrical. The problem is that CEF code 
and other anty-frauding realisations are appearing for the high-end 
routers, white they are nessesary for the low-end routers and useless for 
the core routers. For cisco, we need this future for 4500/4700/3640/2511 
ASAP, 720x slightly, and don't need it for 75xx at all.

On Sat, 25 Apr 1998, Al Reuben wrote:

Date: Sat, 25 Apr 1998 12:30:50 -0400 (EDT)
From: Al Reuben <alex () nac net>
To: Havard.Eidnes () runit sintef no
Cc: jra () scfn thpl lib fl us, nanog () merit edu
Subject: Re: Network Operators and smurf

This should (naturally) be implemented where routing is symmetric
and where a "reverse-path check" (looking up the source address in
the routing table to find the "expected" incoming interface and
checking whether the packet did indeed enter through that interface)

The big question is, what do you do if most of your traffic _is_
asymetrical? I mean, a more basic check could be, "Does the network that
this packet was sourced from exist *at all*?", or "Do I have a route back
to the source network through *any* interface?"

That would cut down on a good amount of spoofing, like the idiots who
spoof from etc.

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]