Smurfing
Bradley Reynolds
brad at baz.org
Tue Feb 17 22:39:39 UTC 1998
> See RFC2267.
>
> - paul
>
>
> > Good news.
> >
> > One more question (just is there is someone from the CISCO) - what's
> > about source-address filtering at default for the access servers/routers?
> > Note all this problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can
> > be 100% blocked if ISP would not allow it's customers to send IP packets
> > with the wrong SRC address. If not, they (hackers) should found new, new
> > and new tricks to fraud any IP network.
> >
>
You can apply the RPF idiom from multicast to block unicast
flooding. This would instantly solve the problem, though I am
not sure what overhead the path evaluation would incur.
BR
brad at iagnet.net
More information about the NANOG
mailing list