[11772] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Martin Cooper)
Tue Aug 12 12:32:34 1997
To: Charles Sprickman <spork@inch.com>
Cc: nanog@merit.edu
In-reply-to: Your message of "Tue, 12 Aug 1997 02:42:21 EDT."
<Pine.NEB.3.95.970812023816.9540C-100000@shell.inch.com>
Date: Tue, 12 Aug 1997 17:14:44 +0100
From: Martin Cooper <mjc@xara.net>
Charles Sprickman <spork@inch.com> wrote:
> On Tue, 12 Aug 1997, Jon Lewis wrote:
>
> > This may be true, but what's to stop the writers of smurf and the other
> > programs from distributing version 2 with all new network addresses?
> > Fixing the 119 networks used to attack FDT will help, but I doubt it will
> > solve the problem.
> >
> When I type "no ip source route" on a Cisco, what exactly is that doing
> for me? Is it just disallowing the router itself to generate
> source-routed packets or is it saying sink all source-routed packets?
> All this talk of spoofing is getting me a bit confused. What exactly is
> the difference between source-routing and spoofing?
>
> Just trying to understand a bit more,
>
> Charles
It prevents the Cisco from handling packets with source-routing header
options set, whether locally generated or switched. It doesn't prevent
the router generating or switching packets with invalid source addresses,
e.g. packets with source addresses from inside the network entering the
router via an external interface; you need to apply access lists to the
appropriate interfaces (in the appropriate directions) to prevent this.
M.
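The configuration below is an added illustration of the distinction Martin draws; it is not from the original post or from either author. It puts the global `no ip source-route` (the IOS command takes a hyphen) next to the interface access lists that actually catch spoofed source addresses, applied inbound on the external interface and inbound on the internal interface. The addresses and interface names are assumptions for the example: 192.0.2.0/24 is the site's own network, Serial0 faces the upstream, Ethernet0 faces the internal LAN.

```cisco
! Added example, not from the original message. Assumed topology:
!   192.0.2.0/24  = the site's internal network
!   Serial0       = external (upstream) interface, 203.0.113.2/30
!   Ethernet0     = internal LAN interface, 192.0.2.1/24
!
! Global: drop any packet carrying an IP source-route option (loose or
! strict), whether the router generated it or is switching it. This
! looks only at the option, never at the source address.
no ip source-route
!
! Ingress list for the external interface: a packet arriving from the
! outside that claims an internal (or loopback) source address is
! spoofed, so deny and log it. Everything else is left to pass.
access-list 110 deny   ip 192.0.2.0 0.0.0.255 any log
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 110 permit ip any any
!
! Egress list for the internal interface: only packets sourced from our
! own prefix may enter the router from the LAN, so our hosts cannot be
! used to spoof somebody else's addresses.
access-list 120 permit ip 192.0.2.0 0.0.0.255 any
access-list 120 deny   ip any any log
!
interface Serial0
 description upstream link (assumed)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 110 in
!
interface Ethernet0
 description internal LAN (assumed)
 ip address 192.0.2.1 255.255.255.0
 ip access-group 120 in
 ! Relevant to the thread subject: refuse to forward packets to this
 ! LAN's broadcast address, so it cannot serve as a broadcast-ping
 ! amplifier. This is a separate control from both settings above.
 no ip directed-broadcast
```

Both lists are applied with `in`, because the direction that matters is the one in which packets enter the router from each side: list 110 checks what the outside world sends in, list 120 checks what our own hosts send out. Neither list cares whether a packet carries a source-route option; `no ip source-route` handles that independently, which is why it alone does nothing against spoofed sources.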