[3368] in North American Network Operators' Group
Re: Ping flooding (fwd)
daemon@ATHENA.MIT.EDU (Justin W. Newton)
Tue Jul 9 13:44:23 1996
Date: Tue, 09 Jul 1996 13:43:34 -0400
To: Todd Graham Lewis <lists@reflections.mindspring.com>,
Michael Dillon <michael@memra.com>
From: "Justin W. Newton" <justin@erols.com>
Cc: nanog@merit.edu
At 10:43 PM 7/8/96 -0400, Todd Graham Lewis wrote:
>If you have a very restrictive security policy, then you might want to
>place a packet filter on all outgoing traffic. If your network is
>10.1.1.64/26, then you might have the following two rules:
>
>action source destination
>------ ------ -----------
>
>allow 10.1.1.64/26 *
>deny * *
>
>Of course, no one does this, because it is very time consuming for your
>router to examine every packet in this way. This translates into more
>marginal cost on your hardware for very little return.
>
>Say that person X, the person who owns the network from which these pings
>are apparently originating, did have such a filter. What does this do?
>It proves that the packets are not originating on his network. Does it
>stop anyone else from forging these packets? No.
Actually it doesn't prove that. The filter would /allow/ the pavckets to
pass through the router since they were coming from one of his networks. If
everyone else on the planet had such a rule it would prove that it /was/
coming from him.
Justin Newton
Internet Architect
Erol's Internet Services
