[16421] in North American Network Operators' Group
Re: Network Operators and smurf
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Fri Apr 24 19:06:31 1998
Date: Fri, 24 Apr 1998 18:55:53 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: nanog@merit.edu
In-Reply-To: <v03007808b166c23bd41f@[198.3.136.121]>; from Dean Anderson <dean@av8.com> on Fri, Apr 24, 1998 at 06:39:28PM -0400
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
> >Dean, but I'd be happy to be proven wrong.
>
> There isn't a simple knob, but then it isn't simple to know what a forgery
> is. You to have tell the router. The router doesn't know what you and
> other people "own", but you can tell it. I'd say there isn't a way to make
> a simple on/off knob for that, because there isn't any way to tell who you
> will transit for and who you won't.
>
> Or, another perhaps better way is to only accept packets from your customer
> networks which are sourced from those networks. Each customer interface
> then has an inbound filter the blocks everything not sourced from your
> customers network.
That was the idea. I was, as noted, mostly talking about router
interfaces with only one network (block) behind it. I gather a large
part of it comes from dialups, where the remote network is a /32.
in any event, I'm not sure I made the query explicit enough, from a
couple of replies I got: the knob I'm specifically interested in says
"don't forward packets with source addresses that can't be routed back
out this port".
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby,
Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
