[12046] in North American Network Operators' Group
Re: Blocking spoofing at the source (was: ICMP Attacks??)
daemon@ATHENA.MIT.EDU (David Bolen)
Fri Aug 29 19:23:15 1997
Date: Fri, 29 Aug 97 19:16:47 EDT
From: David Bolen <db3l@ans.net>
To: Robert Sanders <rsanders@mindspring.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of 29 Aug 1997 18:17:21 -0400
Robert Sanders <rsanders@mindspring.net> writes:
> I plan to deploy anti-spoofing filters throughout our access network
> before the end of September. Is anybody else running or planning to
> implement similar filters?
We've been doing this (also with USR total control hardware) since we
first started handling large scale dialup IP a bit over a year ago.
Before USR had the dynamic filters, we just preloaded per-customer
filters into each box and referenced it with a normal filter id.
While we couldn't make the filters specific to the user, they did
restrict traffic to the source address block from which all dynamic
addresses were assigned, so even if they spoofed, it would still track
back to a block that ANS was identified with, and we could work
backwards through our call records to try to track it down.
-- David
/-----------------------------------------------------------------------\
\ David Bolen \ Internet: db3l@ans.net /
| ANS Communications, Inc. \ Phone: (914) 789-5327 |
/ 100 Clearbrook Road, Elmsford, NY 10523 \ Fax: (914) 789-5310 \
\-----------------------------------------------------------------------/
