Home page logo

nanog logo nanog mailing list archives

Re: Router modifications to deal with smurf
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Mon, 27 Apr 1998 18:17:44 -0400

On Sun, Apr 26, 1998 at 05:59:42PM -0400, John Hawkinson wrote:
        We request that your routers be configurable, both globally and
and the interface level, with the interface configuration overiding the
global configuration, to prevent the forwarding of an IP packet with a
source network address different from the network address of the interface
on which it was received.  We also request that the default configurations
of your routers be modified to prevent, globally, said forwarding. 

I'd be concerned that having this as a default is not necessarily
the right thing in sufficiently large numbers of situations as to
make this a bad idea.

I know we've collectively been here before, but is it not a reasonable
assumption that people whose routing patterns might be assymetrical enough
to break this as a default should be expected to be bright enough to switch
it off?

-- jra
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
Tampa Bay, Florida             on alt.fan.heinlein             +1 813 790 7592

Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]