[14492] in North American Network Operators' Group
Re: Things to do to make the network better
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jan 5 11:10:50 1998
Date: Mon, 5 Jan 1998 07:56:54 -0800
From: owen@DeLong.SJ.CA.US (Owen DeLong)
To: johnl@iecc.com, perry@piermont.com
Cc: nanog@merit.edu
> I will also point out that many of the recent "smurf" attacks and
> similar problems people are having on the net would be gone if people
> would just carefully filter internal/external addresses on their
> border machines, that is, prevent packets claiming to be from "inside"
> networks from coming in from the "outside", and prevent packets
> claiming to be from "outside" networks from going out from the
> "inside". The latter will stop your network from *ever* being the
> source of a wide variety of packet forgery attacks, and is necessary
> to being a good network citizen. The former will stop your network
> from being the subject of a wide variety fo packet forgery attacks,
> and is necessary to make your customers even remotely safe on the net.
That's great if you're a downstream provider with no transit customers.
However, when you become a transit provider, it becomes much more difficult
to determine inside vs. outside, since you're more in the middle between
two "outsides" that pass traffic through you.
Owen
