[11476] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Jul 30 16:31:29 1997
Date: Wed, 30 Jul 1997 15:47:42 -0400
To: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
From: Paul Ferguson <pferguso@cisco.com>
Cc: cisco-nsp@cic.net, nanog@merit.edu
In-Reply-To: <19970730152327.27000@scfn.thpl.lib.fl.us>
At 03:23 PM 07/30/97 -0400, Jay R. Ashworth wrote:
>
>Network operators: _please_ make sure your boundary routers do not
>allow you to send packets upstream which have source addresses on them
>which are not on your networks. Filters are your friend. A source
>address of 127.anything is pretty uncool, too, as are broadcast
>addresses... although those can be harder to figure out nowadays.
>
This is documented in:
draft-ferguson-ingress-filtering-02.txt
- paul
