Router modifications to deal with smurf
jhawk at bbnplanet.com
Sun Apr 26 21:59:42 UTC 1998
> We requests that your routers be configurable, at the interface
> level, to prevent the forwarding of an ICMP echo-request packet through an
> interface that has a broadcast or wire address that matches the
> destination address of that packet.
Modifications that cause the forwarding path to behave differently
for some type of packets are *bad*. ICMP echo-requests should be treated
identically to other sorts of packets.
If you s/an ICMP echo-request/an IP/, then you have the same
as "no ip directed-broadcast". Your wording is sufficiently vague such that
I can't tell if that's what you meant or not. I don't know if you're
trying to avoid being cisco-specific, or if you're being vague for some
> We also request that the default configurations of your routers be
> modified to prevent said forwarding.
I don't have a problem with this.
> We request that your routers be configurable, both globally and
> and the interface level, with the interface configuration overiding the
> global configuration, to prevent the forwarding of an IP packet with a
> source network address different from the network address of the interface
> on which it was received. We also request that the default configurations
> of your routers be modified to prevent, globally, said forwarding.
I'd be concerned that having this as a default is not necessarily
the right thing in sufficiently large numbers of situations as to
make this a bad idea.
More information about the NANOG