[20685] in North American Network Operators' Group
Re: Actions to quiet the Smurf amplifiers?
daemon@ATHENA.MIT.EDU (Phil Howard)
Wed Oct 21 14:32:59 1998
From: Phil Howard <phil@whistler.intur.net>
To: danny@genuity.net
Date: Wed, 21 Oct 1998 13:16:59 -0500 (CDT)
Cc: nanog@merit.net
In-Reply-To: <199810200556.FAA29381@tcb.net> from "Danny McPherson" at Oct 19, 98 10:56:46 pm

It doesn't seem to be working for me. What version of IOS does this new
feature show up in? Why hasn't it been mentioned before? Or is this not
similar enough to be usable to block smurf and other forgery?

Danny McPherson writes...
> Cisco already has a feature similar to this, "ip verify unicast reverse-path".
>
> -danny
>
> > Danny McPherson writes...
> >
> > > ingress filtering .. that's a novel idea :-)
> >
> > "smart" ingress filtering, as opposed to hard coded filtering, which
> > is already done a lot. It would come at some costs, as every packet
> > would have to have 2 routing lookups done for it, one of which must
> > return or compare against all routes, not just the best route.
--
-- *-----------------------------* Phil Howard KA9WGN * --
-- | Inturnet, Inc. | Director of Internet Services | --
-- | Business Internet Solutions | eng at intur.net | --
-- *-----------------------------* philh at intur.net * --
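
Added example, not part of the original message: a Python sketch of the two-lookup source check discussed in the thread, comparing a check against only the best route with a check against all routes for the source prefix. The routing table, interface names, addresses and function names are constructed for illustration; this models the idea and is not Cisco's implementation.

```python
import ipaddress

# Constructed routing table: prefix -> [(interface, metric)]; lowest metric is best.
RIB = {
    "192.0.2.0/24":    [("Serial0", 10), ("Serial1", 20)],  # multihomed customer
    "198.51.100.0/24": [("Serial1", 10)],                   # single-homed customer
    "0.0.0.0/0":       [("Ethernet0", 1)],                  # default toward upstream
}

def lookup(addr):
    """Longest-prefix match; returns every route for that prefix, best first."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in map(ipaddress.ip_network, RIB) if ip in n]
    if not hits:
        return []
    longest = max(hits, key=lambda n: n.prefixlen)
    return sorted(RIB[str(longest)], key=lambda r: r[1])

def strict_rpf(src, in_if):
    """Accept only if the best route back to src uses the arrival interface."""
    routes = lookup(src)
    return bool(routes) and routes[0][0] == in_if

def feasible_rpf(src, in_if):
    """Accept if any known route back to src uses the arrival interface."""
    return any(ifname == in_if for ifname, _ in lookup(src))

def forward(src, dst, in_if, check):
    """Lookup 1 validates the source, lookup 2 picks the egress. None means dropped."""
    if not check(src, in_if):
        return None
    routes = lookup(dst)
    return routes[0][0] if routes else None

if __name__ == "__main__":
    cases = [  # (source address, arrival interface, description), all constructed
        ("192.0.2.7", "Serial0", "customer on primary link"),
        ("192.0.2.7", "Serial1", "same customer on backup link"),
        ("203.0.113.9", "Serial0", "forged source on customer link"),
    ]
    for src, in_if, label in cases:
        for check in (strict_rpf, feasible_rpf):
            out = forward(src, "203.0.113.50", in_if, check)
            print(f"{label:32} {check.__name__:12} -> {out or 'DROP'}")
```

The best-route-only check drops the multihomed customer's legitimate traffic arriving on its backup link, while the all-routes check accepts it; both drop the forged source.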