Network Operators and smurf

Phil Howard phil at charon.ipal.net
Sun Apr 26 02:48:32 UTC 1998


> Wait; all traffic is coming in one interface. The CEF thing will have no
> effect if the spoofed source address is a real network.
> 
> However, if it is a completely bogus source address (1.2.3.4 or somesuch),
> then yes, it does make it a bit easier to filter.

If the spoofer is dialed up to YOUR network, and spoofs the address of
someone else out on the net, then YOUR router should find that the source
interface is not in the list of routes for that address, and discard it.

If the spoofer is attacking YOU, then that means the network the spoofer
is attached to is NOT blocking him by this method, but SHOULD.

-- 
Phil Howard | no1way89 at dumbads5.net stop2599 at anywhere.edu ads0suck at no0place.edu
  phil      | die8spam at no1place.net no4way60 at no4place.edu end8it63 at nowhere7.org
    at      | stop2015 at no9where.edu no25ads9 at no49ads6.net end9ads6 at dumb4ads.net
  milepost  | end0ads3 at s5p0a0m8.org crash061 at anyplace.net stop5278 at anywhere.net
    dot     | no29ads0 at anyplace.net stop3305 at dumb7ads.net blow8me2 at lame2ads.com
  com       | die2spam at no9where.net stop3it9 at anyplace.org stop9ads at no6place.org



More information about the NANOG mailing list