Network Operators and smurf

Phil Howard phil at
Sun Apr 26 02:48:32 UTC 1998

> Wait; all traffic is coming in one interface. The CEF thing will have no
> effect if the spoofed source address is a real network.
> However, if it is a completely bogus source address ( or somesuch),
> then yes, it does make it a bit easier to filter.

If the spoofer is dialed up to YOUR network, and spoofs the address of
someone else out on the net, then YOUR router should find that the source
interface is not in the list of routes for that address, and discard it.

If the spoofer is attacking YOU, then that means the network the spoofer
is attached to is NOT blocking him by this method, but SHOULD.

Phil Howard | no1way89 at stop2599 at ads0suck at
  phil      | die8spam at no4way60 at end8it63 at
    at      | stop2015 at no25ads9 at end9ads6 at
  milepost  | end0ads3 at crash061 at stop5278 at
    dot     | no29ads0 at stop3305 at blow8me2 at
  com       | die2spam at stop3it9 at stop9ads at

More information about the NANOG mailing list