[15410] in North American Network Operators' Group
Re: Smurfing
daemon@ATHENA.MIT.EDU (Tatsuya Kawasaki)
Tue Feb 17 20:38:30 1998
Date: Wed, 18 Feb 1998 10:36:32 +0900 (JST)
From: Tatsuya Kawasaki <tatsuya@giganet.net>
To: nanog@merit.edu
cc: Paul Ferguson <pferguso@cisco.com>
In-Reply-To: <Pine.LNX.3.96.980217173818.23725B-100000@x0r.iagnet.net>
Paul,
It sounds like a good idea, but is it possible?
I don't think Cisco can filter by wrong SRC address basis.
^^^^^
You can still use any IP on the same segment.
(Big deal, huh? :-) )
Furthermore, it will cause some problems for Mobile IP stuff,
if I remember correctly.
regards,
tatsuya
On Tue, 17 Feb 1998, Bradley Reynolds wrote:
> > See RFC2267.
> >
> > - paul
> >
> >
> > > Good news.
> > >
> > > One more question (just if there is someone from Cisco) - what
> > > about source-address filtering by default for the access servers/routers?
> > > Note all these problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can
> > > be 100% blocked if the ISP would not allow its customers to send IP packets
> > > with the wrong SRC address. If not, they (hackers) should find new, new
> > > and new tricks to fraud any IP network.
> > >
> >
> You can apply the RPF idiom from multicast to block unicast
> flooding. This would instantly solve the problem, though I am
> not sure what overhead the path evaluation would incur.
>
> BR
>
> brad@iagnet.net
>
>
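
The strict reverse-path check suggested in the quoted reply, together with the two limits raised at the top of this message (same-segment spoofing and Mobile IP), as an added example that is not part of the original thread. It is a simulation, not router code; the routing table, interface names, addresses and packets are constructed for illustration.

```python
import ipaddress

# Constructed routing table: prefix -> interface used to reach it.
# Addresses are documentation prefixes (RFC 5737); names are hypothetical.
ROUTES = {
    "192.0.2.0/24": "cust0",     # customer segment A
    "198.51.100.0/24": "cust1",  # customer segment B (a mobile node's home)
    "0.0.0.0/0": "upstream",     # everything else
}

def best_route(table, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    nets = ((ipaddress.ip_network(p), ifc) for p, ifc in table.items())
    hits = [(n, ifc) for n, ifc in nets if ip in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def rpf_accept(table, src, in_ifc):
    """Strict reverse-path check: forward only if the best route back to
    the source address points out the interface the packet arrived on."""
    route = best_route(table, src)
    return route is not None and route[1] == in_ifc

# Constructed packets: (description, source address, arrival interface).
PACKETS = [
    ("legitimate customer host",             "192.0.2.10",   "cust0"),
    ("spoofed off-net victim address",       "203.0.113.7",  "cust0"),
    ("spoofed neighbour on same segment",    "192.0.2.99",   "cust0"),
    ("mobile node using its home address",   "198.51.100.5", "cust0"),
    ("inside address arriving from outside", "192.0.2.10",   "upstream"),
]

def evaluate(table=ROUTES, packets=PACKETS):
    """Return {description: 'forward' | 'drop'} for each sample packet."""
    return {desc: "forward" if rpf_accept(table, src, ifc) else "drop"
            for desc, src, ifc in packets}

if __name__ == "__main__":
    for desc, verdict in evaluate().items():
        print(f"{verdict:8} {desc}")
```

The same-segment spoof is forwarded because the check only ties a source to an interface, not to a host, and the mobile node is dropped because its home prefix routes out a different interface.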