[14500] in North American Network Operators' Group
Re: Things to do to make the network better
daemon@ATHENA.MIT.EDU (Tom Killalea)
Mon Jan 5 13:03:50 1998
To: perry@piermont.com
cc: nanog@merit.edu
In-reply-to: Your message of Wed, 31 Dec 1997 11:14:37 -0500.
<199712311614.LAA01530@jekyll.piermont.com>
Date: Mon, 05 Jan 1998 09:56:43 -0800
From: Tom Killalea <tomk@nwnet.net>
>I will also point out that many of the recent "smurf" attacks and
>similar problems people are having on the net would be gone if people
>would just carefully filter internal/external addresses on their
>border machines, that is, prevent packets claiming to be from "inside"
>networks from coming in from the "outside", and prevent packets
>claiming to be from "outside" networks from going out from the
>"inside". The latter will stop your network from *ever* being the
>source of a wide variety of packet forgery attacks, and is necessary
>to being a good network citizen. The former will stop your network
>from being the subject of a wide variety of packet forgery attacks,
>and is necessary to make your customers even remotely safe on the net.
I strongly recommend such filtering in sections 5.7 and 5.8 of my
"Security Expectations for Internet Service Providers" draft
ftp://ds.internic.net/internet-drafts/draft-ietf-grip-isp-02.txt
and we've heard Paul plug
ftp://ds.internic.net/internet-drafts/draft-ferguson-ingress-filtering-03.txt
here many times.
To answer Owen's comments regarding the difficulty of filtering for
transit providers, I argue that filtering should happen as close to the
actual hosts as possible.
Tom.
--
Tom Killalea (425) 649-7417 NorthWestNet
tomk@nwnet.net
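The two border rules described in the quoted passage (drop inbound packets that claim an inside source, drop outbound packets that claim an outside source), as an added Python model that is not code from the drafts or from anyone on the list; the inside prefixes and the sample traffic are constructed for illustration.

```python
import ipaddress

# Constructed for this example: the prefixes this border router owns,
# i.e. what counts as "inside" (assumption, not from the message).
INSIDE_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def is_inside(address, prefixes=INSIDE_PREFIXES):
    """True if the address falls within one of the inside prefixes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in prefixes)


def border_filter(direction, src, prefixes=INSIDE_PREFIXES):
    """Judge a packet at the border from its source address alone.

    direction: "in" = arriving on the outside interface,
               "out" = leaving through the outside interface.
    Returns ("permit" | "deny", reason).
    """
    inside = is_inside(src, prefixes)
    if direction == "in" and inside:
        # Ingress rule: nothing from outside may claim an inside source.
        return ("deny", f"inbound packet claims inside source {src}")
    if direction == "out" and not inside:
        # Egress rule: nothing we emit may claim a source we do not own.
        return ("deny", f"outbound packet claims outside source {src}")
    return ("permit", f"source {src} is consistent with direction {direction}")


# Constructed sample traffic: (direction, source, destination).
SAMPLE_PACKETS = [
    ("in", "203.0.113.5", "192.0.2.10"),     # ordinary inbound traffic
    ("in", "192.0.2.10", "192.0.2.255"),     # forged inside source arriving from outside
    ("out", "192.0.2.10", "203.0.113.5"),    # ordinary outbound traffic
    ("out", "203.0.113.77", "203.0.113.9"),  # forged outside source leaving from inside
]


def audit(packets, prefixes=INSIDE_PREFIXES):
    """Apply the border filter to each packet; return the denied ones."""
    denied = []
    for direction, src, dst in packets:
        verdict, reason = border_filter(direction, src, prefixes)
        if verdict == "deny":
            denied.append((direction, src, dst, reason))
    return denied
```

Running `audit(SAMPLE_PACKETS)` flags only the two forged-source packets; the rule looks at source addresses only, so it does not replace filtering of directed broadcasts or other destination-based checks.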