[nsp] known networks for broadcast ping attacks
gketell at cisco.com
Tue Aug 12 17:00:55 UTC 1997
-----BEGIN PGP SIGNED MESSAGE-----
At 05:14 PM 8/12/97 +0100, you wrote:
>> All this talk of spoofing is getting me a bit confused. What
>> the difference between source-routing and spoofing?
>> Just trying to understand a bit more,
[Rtr A] --------- | internet cloud | -----------[Rtr B]
Some hacker connected to Rtr C sends a packet to Rtr B altering
the packet so the source address says it came from Rtr B. If
your (you are behind B) filters don't block packets from the
internet coming from yourself then the hacker is into your
Hacker is behind C. He finds out that you fully trust A and do
no filtering for A. He sends packets to your network via Rtr A.
In this case they go from C to A to B but the hacker does not
have to be smart enough to alter the packets, he just sets the
source route option and he is into your network.
So, as protection for others you turn off source routing. As
protection for yourself you setup up filters that say "deny all
inbound packets coming from my network". As further protection
for others you setup filters that say "deny all outbound packets
that are Not from my network". If all ISPs were to do this last
one then hacking would pretty much stop because hackers would be
caught in a second.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
-----END PGP SIGNATURE-----
More information about the NANOG