ICMP Attacks???????

Jon Green jcgreen at netins.net
Thu Aug 21 22:18:24 UTC 1997


On Thu, 21 Aug 1997 17:39:53 -0400, jra at scfn.thpl.lib.fl.us writes:

>A router knows the network number and mask of each network to which it
>has an interface.  Does it not make sense that the default thing for
>that router to do would be to trash incoming packets which carry a
>source address not on the network associated with that interface. 

I don't think that's a good idea.  The vast majority of routers that
I sell to customers are not used in Internet applications, and to add
another configuration step to enable the router to do what routers
traditionally do by default would be very confusing to the end user.
No, I think the answer really is to get some sample anti-spoofing filters
into the router documentation and find a good way to get people to
read it.  There are lots of "how to configure your router for the Internet"
types of tutorials out there, and outbound filtering should be part
of every one of them.

-Jon

     -----------------------------------------------------------------
    *      Jon Green            *         "Life's a dance             *
   *   jcgreen at netINS.net       *          you learn as you go"        *
  *  Finger for Geek Code/PGP   *                                       *
 *  #include "std_disclaimer.h" * http://www.netins.net/showcase/jcgreen *
 -------------------------------------------------------------------------



More information about the NANOG mailing list