Network Operators and smurf

Phil Howard phil at charon.ipal.net
Fri Apr 24 23:55:56 UTC 1998


Dean Anderson writes...

> There isn't a simple knob, but then it isn't simple to know what a forgery
> is. You have to tell the router.  The router doesn't know what you and
> other people "own", but you can tell it.  I'd say there isn't a way to make
> a simple on/off knob for that, because there isn't any way to tell who you
> will transit for and who you won't.

[access list example not included]

It could be a simple knob, and I believe it is simple to know what a forgery
is.  If the source address, when treated as a destination and used to look
up the routing entries (all of them), indicates a return path scope that
includes the actual interface or interface:gateway that the packet did
arrive from, then it is most likely not a forgery, whereas if the arrival
interface or interface:gateway is not in the list, it most likely is a
forgery.

While this might break some extreme cases of asymmetric routing, it does
appear to me to be sufficiently able to filter enough source forgeries as
to seriously discourage the practice.

Unlike access lists, this would be very easy to configure.  Unlike access
lists, it could default to enabled, which I think it should be.  Its costs
in CPU time (mostly the route lookup) could be made up for to some degree
by not having to have so many access list entries to accomplish the same
effect.  And you won't have to go update all your configurations when a
new network block is acquired, or a customer comes online with portable
address space or dual-homes (a serious situation for backbone providers).

-- 
Phil Howard | die0spam at spammer1.net no3way64 at no6place.edu suck4it4 at dumb3ads.net
  phil      | stop2ads at spammer8.net no00ads0 at spammer0.edu eat20me0 at dumb5ads.org
      at    | no28ads4 at noplace3.edu die6spam at spam3mer.edu eat4this at no7where.com
  ipal      | blow1me7 at dumbads3.com eat4this at anyplace.edu ads8suck at spam8mer.com
     dot    | eat0this at no7place.org blow7me6 at spammer1.org blow6me3 at nowhere3.edu
  com       | ads1suck at no5where.com a1b3c3d2 at anyplace.edu no0way56 at no2place.org
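The reverse-path check Phil describes above (look the source address up as if it were a destination, then ask whether the packet's arrival interface, or interface:gateway, is among the return paths), worked through as an added example. This is not code from the original message or from any router vendor; it models a routing table as prefix -> set of (interface, gateway) next hops, with gateway None for a directly connected network, and every prefix, interface name and address in it is a constructed assumption. The "strict" variant uses only the best (longest-prefix) route and all of its equal-cost next hops, which covers the dual-homed customer case; the "loose" variant, added here as a generalization of "all of them", accepts any covering route.

```python
"""Reverse-path check on a packet's source address (constructed example)."""
import ipaddress

# Constructed routing table for the example: prefix -> set of next hops.
# A next hop is (interface, gateway); gateway None means directly connected.
ROUTES = {
    "0.0.0.0/0":       {("serial0", "10.0.0.1")},      # default toward upstream
    "192.0.2.0/24":    {("eth1", None)},                # directly connected customer
    "198.51.100.0/24": {("eth2", "198.51.100.254"),     # dual-homed customer with
                        ("eth3", "198.51.100.253")},    # two equal-cost next hops
}


def covering_routes(src, routes=ROUTES):
    """All routing entries that cover `src` when it is treated as a
    destination, most specific (longest prefix) first."""
    ip = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), hops) for p, hops in routes.items()
            if ip in ipaddress.ip_network(p)]
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return hits


def return_path_scope(src, routes=ROUTES, strict=True):
    """Next hops from which a packet carrying this source may legitimately
    arrive.  strict: only the best route counts, including all of its
    equal-cost next hops.  loose: every covering route counts."""
    hits = covering_routes(src, routes)
    if not hits:
        return set()                       # unroutable source: empty scope
    if strict:
        return set(hits[0][1])
    return set().union(*(hops for _, hops in hits))


def is_forgery(src, arrival_iface, arrival_gateway=None,
               routes=ROUTES, strict=True):
    """True if the packet's arrival point is outside the source's return-path
    scope.  For a routed prefix the neighbour it came from must match the
    route's gateway; when the caller does not know the neighbour
    (arrival_gateway None) the interface alone decides.  For a connected
    network the interface alone always suffices."""
    for iface, gw in return_path_scope(src, routes, strict):
        if iface != arrival_iface:
            continue
        if gw is None or arrival_gateway is None or gw == arrival_gateway:
            return False
    return True


if __name__ == "__main__":
    # Constructed packets: (source, arrival interface, neighbour it came from)
    packets = [
        ("198.51.100.10", "eth2", "198.51.100.254"),  # dual-homed customer, path 1
        ("198.51.100.10", "eth3", "198.51.100.253"),  # dual-homed customer, path 2
        ("198.51.100.10", "serial0", "10.0.0.1"),     # asymmetric: came via upstream
        ("192.0.2.5", "serial0", "10.0.0.1"),         # our customer's address from upstream
        ("203.0.113.7", "eth1", None),                # customer sourcing an outside address
        ("203.0.113.7", "serial0", "10.0.0.1"),       # outside address from upstream
    ]
    for src, iface, gw in packets:
        print(f"{src:15} via {iface:8} strict={is_forgery(src, iface, gw)!s:5} "
              f"loose={is_forgery(src, iface, gw, strict=False)}")
```

The third packet shows the asymmetric-routing caveat from the post: the dual-homed customer's own address arriving from the upstream fails the strict check. The loose variant passes it, but because the default route covers every address it also passes the spoofed 192.0.2.5 arriving from upstream, so with a default route installed the loose variant only catches sources for which there is no route at all.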
