[nsp] known networks for broadcast ping attacks
Greg Ketell
gketell at cisco.com
Tue Aug 12 17:00:55 UTC 1997
-----BEGIN PGP SIGNED MESSAGE-----
At 05:14 PM 8/12/97 +0100, you wrote:
>
>> All this talk of spoofing is getting me a bit confused. What
exactly is
>> the difference between source-routing and spoofing?
>>
>> Just trying to understand a bit more,
>>
>> Charles
[Rtr A] --------- | internet cloud | -----------[Rtr B]
-------------------------
|----------[Rtr C]
Spoofing:
Some hacker connected to Rtr C sends a packet to Rtr B altering
the packet so the source address says it came from Rtr B. If
your (you are behind B) filters don't block packets from the
internet coming from yourself then the hacker is into your
network.
Source Routing:
Hacker is behind C. He finds out that you fully trust A and do
no filtering for A. He sends packets to your network via Rtr A.
In this case they go from C to A to B but the hacker does not
have to be smart enough to alter the packets, he just sets the
source route option and he is into your network.
So, as protection for others you turn off source routing. As
protection for yourself you setup up filters that say "deny all
inbound packets coming from my network". As further protection
for others you setup filters that say "deny all outbound packets
that are Not from my network". If all ISPs were to do this last
one then hacking would pretty much stop because hackers would be
caught in a second.
GK
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBM/CWpG384++etaQJAQGPuwf+KLEpMDdvboWmnnHbHcwsFEHlNCgnKYXL
TZM6yZoJPx7TGC0kzm//3hDXVA2MX4gIbFsI96Bf/GBKDArzIjFGwVZHG94vV6uA
V9t1szjo6VGSfnfqGdG3TIkl/3yVeHU9WGsYL8OaDRZDvQT17FO8d/xCT74igh85
FtDlMSf/vBY9K8sZb9yEvKaUXI+eIPbcUjqSEfdh3NV8L7mWiBkwWskky87PSIvl
3DpmjhDiJwjhSNslXb8p5pniLeOtp3qdvZzHAKoDfr0/XepXBFH/VQ4JRSAbuvm7
jojUK8DEJfkCvTQ9P022hvvXYAKwjqwgDaOK7R95/WKFETROakLvxg==
=FIS/
-----END PGP SIGNATURE-----
More information about the NANOG
mailing list