[90794] in North American Network Operators' Group
Re: Interesting new spam technique - getting a lot more popular.
daemon@ATHENA.MIT.EDU (Andrew - Supernews)
Wed Jun 14 12:58:51 2006
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.62.0606140713360.20178@uplift.swm.pp.se> (Mikael
Abrahamsson's message of "Wed, 14 Jun 2006 07:17:43 +0200 (CEST)")
Date: Wed, 14 Jun 2006 17:58:14 +0100
From: "Andrew - Supernews" <andrew@supernews.net>
Errors-To: owner-nanog@merit.edu
>>>>> "Mikael" == Mikael Abrahamsson <swmike@swm.pp.se> writes:
> On Wed, 14 Jun 2006, Christopher L. Morrow wrote:
>> is it really that hard to make your foudry/extreme/cisco l3 switch
>> vlan and subnet??? Is this a education thing or a laziness thing?
>> Is this perhaps covered in a 'bcp' (not even an official IETF
>> thing, just a hosters bible sort of thing) ?
Mikael> This problem is fixed by following the BCP regarding spoof
Mikael> filtering,
Only if you also filter _OUTGOING_ traffic, by port, to allow only the
destination IPs that the customer equipment should be seeing.
Filtering the ingress direction (customer equipment -> your network)
does not help (until _everyone_ does it), since the spammer only needs
to _receive_ traffic with the hijacked IP, not send it (that can be
done from the other corner of the spammer's triangle route).
--
Andrew, Supernews
http://www.supernews.com
