[14416] in North American Network Operators' Group
Re: smurf, the MCI-developed tracing tools (was Re: Bogus
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Sun Dec 28 13:42:20 1997
Date: Sun, 28 Dec 1997 13:31:48 -0500
To: Karl Denninger <karl@mcs.net>
From: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <19971228120533.43865@mcs.net>
At 12:05 PM 12/28/97 -0600, Karl Denninger wrote:
>
>You don't want to filter ICMPs. What you want to filter is ANYTHING which
>came from an invalid source address *at your entrance* from your customer
>connections.
>
This is documented in:
Network Ingress Filtering: Defeating Denial of Service Attacks
which employ IP Source Address Spoofing;
draft-ferguson-ingress-filtering-03.txt
At the moment, we're trying to get this evntually published as
an Informational RFC.
More information can be found at:
ftp://ftp.cert.org/pub/cert_advisories/CA-97.28.Teardrop_Land
- paul
