Security Incidents mailing list archives

Re: Ping flood? Whats the point?


From: k.baker () ITS CANTERBURY AC NZ (Kerry Baker)
Date: Wed, 9 Feb 2000 16:41:42 +1300


-----Original Message-----
From: Filip M. Gieszczykiewicz [mailto:filipg () corona eps pitt edu]
Sent: Wednesday, 9 February 2000 14:45
To: Kerry Baker
Cc: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Ping flood? Whats the point?

...
So, imagine my surprise that there are several loud advocates for not
having ANY output rules at the firewall. Either you trust all your users
or you take steps that you don't get yourself in trouble in the end. I
have been streamlining the ruleset to eventually reject any output from
leaving our LAN that doesn't fit the bill.

Why would anyone think that not filtering outbound IP addresses is good?  I
can imagine that it's not done now due to either laziness, ignorance or
difficulty.

So, do YOU filter output at your firewall? And if not, how ELSE can such
spoofs be prevented (if one assumes you have no access to equipment
upstream of your LAN)?

Yes we do.  Only valid source IP addresses from within our network are
allowed out and we don't allow packets with source addresses that are ours
in.  We also block the IANA private network addresses from entering our
network too.  Those things seem to leak out all over the Internet.
I doubt our upstream provider does the same due to the large number of
networks under their wing, but they could if they wanted to and it would
provide another layer of protection against spoofing.

Regards,
Kerry.

-------------------------------------------------------------------
Kerry Baker                      Phone: +64 3 364 2336
NETWORK CONSULTANT                 Fax: +64 3 364 2332
Information Technology Services   http://www.canterbury.ac.nz
University of Canterbury        mailto:k.baker () its canterbury ac nz
Christchurch, New Zealand
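
The border policy described in the message above (outbound packets must carry a source address from the site's own block; inbound packets are dropped if they claim the site's own addresses or an RFC 1918 private source) can be written as a small decision function. This is an added example, not part of the original post or the poster's configuration; the site prefix 192.0.2.0/24, the function name border_filter and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumption: 192.0.2.0/24 (a documentation prefix) stands in for the site's
# own address block; the message does not give the real one.
SITE_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# The RFC 1918 private blocks ("IANA private network addresses").
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def border_filter(direction, src):
    """Return (verdict, reason); direction is "out" (LAN to Internet) or "in"."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "out":
        if _in_any(addr, SITE_NETS):
            return ("pass", "source is ours")
        return ("drop", "outbound source not in site block (spoofed or leaking)")
    if direction == "in":
        if _in_any(addr, SITE_NETS):
            return ("drop", "inbound packet claims our own source")
        if _in_any(addr, PRIVATE_NETS):
            return ("drop", "inbound RFC 1918 source")
        return ("pass", "external source")
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample packets (direction, source address), not real traffic.
SAMPLES = [
    ("out", "192.0.2.17"),    # legitimate LAN host
    ("out", "10.1.2.3"),      # private address leaking out
    ("out", "198.51.100.9"),  # forged source leaving the LAN
    ("in", "192.0.2.200"),    # outsider claiming one of our addresses
    ("in", "172.16.4.4"),     # private source arriving from the Internet
    ("in", "203.0.113.5"),    # ordinary external host
]

if __name__ == "__main__":
    for direction, src in SAMPLES:
        verdict, reason = border_filter(direction, src)
        print(f"{direction:3} {src:15} {verdict:4} {reason}")
```

Note that the outbound rule already stops private-address leakage, because anything outside the site block is dropped regardless of what it is.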

