[20631] in North American Network Operators' Group
Re: Actions to quiet the Smurf amplifiers?
daemon@ATHENA.MIT.EDU (Danny McPherson)
Mon Oct 19 16:36:55 1998
To: nanog@merit.edu
From: Danny McPherson <danny@tcb.net>
Reply-To: danny@tcb.net
Date: Mon, 19 Oct 1998 12:52:03 -0700
ingress filtering .. that's a novel idea :-)
-danny
Phil Howard wrote:
>
>The method involves a software design change in the routers. For each
>arriving packet, in addition to doing a routing lookup based on the
>destination, also do a routing lookup based on the source address.
>If the interface the packet arrived on is NOT in the list of addresses
>that routing back to the source suggests, then discard the packet.
>That will drop the majority of packets before they even reach smurf
>amplifiers, as they are generally forge-sourced to the ultimate target
>of the attack. The first router hop with this implemented where the
>source address is invalid will stop the attack. The core backbone
>probably does not need to have this enabled, but all the leafs from it
>should to ensure no forged sources can get through.
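
Added example, not part of either post: a small Python model of the check quoted above, where a packet is forwarded only if the interface it arrived on is one the routing table would use to reach its source address. The routing table, interface names and addresses are constructed for illustration (RFC 5737 documentation prefixes), and the function names are hypothetical.

```python
import ipaddress

# Constructed routing table for a leaf router: prefix -> interfaces that
# routing toward that prefix would use. All values are sample data.
ROUTES = [
    ("0.0.0.0/0", {"upstream0"}),
    ("192.0.2.0/24", {"cust1"}),
    ("198.51.100.0/24", {"cust2"}),
    ("198.51.100.128/25", {"cust1", "cust2"}),  # multihomed more-specific
]
TABLE = [(ipaddress.ip_network(p), ifs) for p, ifs in ROUTES]

def lookup(addr):
    """Longest-prefix match; returns the interface set (empty if no route)."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, ifs in TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifs)
    return best[1] if best else set()

def accept(src, dst, in_if):
    """Return (forward?, reason) for a packet that arrived on in_if."""
    # Second lookup, keyed on the source: discard when the arrival
    # interface is not one that routing back to the source would use.
    if in_if not in lookup(src):
        return False, "source fails reverse-path check"
    out = lookup(dst)
    if not out:
        return False, "no route to destination"
    return True, "forward via " + sorted(out)[0]

if __name__ == "__main__":
    # Constructed packets: (source, destination, arrival interface).
    packets = [
        ("192.0.2.10", "203.0.113.50", "cust1"),      # legitimate customer
        ("203.0.113.7", "198.51.100.255", "cust1"),   # forged source
        ("198.51.100.200", "203.0.113.50", "cust1"),  # multihomed prefix
        ("198.51.100.5", "203.0.113.50", "cust1"),    # other customer's space
        ("203.0.113.7", "192.0.2.10", "upstream0"),   # covered by default route
    ]
    for src, dst, in_if in packets:
        print(src, "->", dst, "on", in_if, accept(src, dst, in_if))
```

The last packet is accepted because the default route covers any source arriving from upstream, which is why the quoted text places the check on the leaf interfaces rather than in the core.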