[16464] in North American Network Operators' Group
Re: Network Operators and smurf
daemon@ATHENA.MIT.EDU (Phil Howard)
Sun Apr 26 17:05:40 1998
From: Phil Howard <phil@charon.ipal.net>
To: alex@nac.net (Al Reuben)
Date: Sat, 25 Apr 1998 21:48:32 -0500 (CDT)
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSF.3.96.980425125517.13390Z-100000@iago.nac.net> from "Al Reuben" at Apr 25, 98 12:56:18 pm
> Wait; all traffic is coming in one interface. The CEF thing will have no
> effect if the spoofed source address is a real network.
>
> However, if it is a completely bogus source address (1.2.3.4 or somesuch),
> then yes, it does make it a bit easier to filter.
If the spoofer is dialed up to YOUR network, and spoofs the address of
someone else out on the net, then YOUR router should find that the source
interface is not in the list of routes for that address, and discard it.
If the spoofer is attacking YOU, then that means the network the spoofer
is attached to is NOT blocking him by this method, but SHOULD.
--
Phil Howard | no1way89@dumbads5.net stop2599@anywhere.edu ads0suck@no0place.edu
phil | die8spam@no1place.net no4way60@no4place.edu end8it63@nowhere7.org
at | stop2015@no9where.edu no25ads9@no49ads6.net end9ads6@dumb4ads.net
milepost | end0ads3@s5p0a0m8.org crash061@anyplace.net stop5278@anywhere.net
dot | no29ads0@anyplace.net stop3305@dumb7ads.net blow8me2@lame2ads.com
com | die2spam@no9where.net stop3it9@anyplace.org stop9ads@no6place.org
