[16433] in North American Network Operators' Group
Re: Network Operators and smurf
daemon@ATHENA.MIT.EDU (Al Reuben)
Sat Apr 25 12:35:23 1998
Date: Sat, 25 Apr 1998 12:30:50 -0400 (EDT)
From: Al Reuben <alex@nac.net>
To: Havard.Eidnes@runit.sintef.no
cc: jra@scfn.thpl.lib.fl.us, nanog@merit.edu
In-Reply-To: <199804251619.SAA17159@vader.runit.sintef.no>
> This should (naturally) be implemented where routing is symmetric
> and where a "reverse-path check" (looking up the source address in
> the routing table to find the "expected" incoming interface and
> checking whether the packet did indeed enter through that interface)
The big question is, what do you do if most of your traffic _is_
asymmetrical? I mean, a more basic check could be, "Does the network that
this packet was sourced from exist *at all*?", or "Do I have a route back
to the source network through *any* interface?"
That would cut down on a good amount of spoofing, like the idiots who
spoof from 1.1.1.1 etc.
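
The two checks contrasted in this message, as an added example that is not part of the original post: a strict reverse-path check (the source must route back out the interface the packet arrived on) next to the looser "is there a route back through any interface" check. The routing table, interface names, packets and the `rpf_check`/`lookup` helpers are constructed for illustration, and the `use_default` switch is an assumption added to show that a default route makes the loose check accept every source.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach it).
ROUTES = [
    ("192.0.2.0/24", "eth0"),     # customer A, symmetric path
    ("198.51.100.0/24", "eth1"),  # customer B, best return path is eth1
    ("0.0.0.0/0", "eth2"),        # default route to the upstream
]

def lookup(src, routes, use_default=False):
    """Longest-prefix match on the source address; (network, iface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not use_default:
            continue  # a default route matches everything, so skip it by default
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def rpf_check(src, in_iface, routes, mode="strict", use_default=False):
    """Return True if the packet passes the reverse-path check.

    strict: the route back to src must point out in_iface.
    loose:  any route back to src is enough, whatever the interface.
    """
    route = lookup(src, routes, use_default)
    if route is None:
        return False              # source network is not routed at all
    if mode == "loose":
        return True
    return route[1] == in_iface

# Constructed packets: (source address, interface it arrived on).
PACKETS = [
    ("192.0.2.10", "eth0"),    # symmetric: arrives where the return route points
    ("198.51.100.7", "eth2"),  # asymmetric: legitimate, but arrives via the upstream
    ("1.1.1.1", "eth2"),       # spoofed: no covering route in this table
]

def evaluate(packets, routes):
    """Map each packet to its (strict, loose) verdicts."""
    return {p: (rpf_check(*p, routes, "strict"), rpf_check(*p, routes, "loose"))
            for p in packets}

if __name__ == "__main__":
    for (src, iface), (strict, loose) in evaluate(PACKETS, ROUTES).items():
        print(f"{src:15} in={iface}  strict={strict}  loose={loose}")
```
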