Smurfing
Tatsuya Kawasaki
tatsuya at giganet.net
Wed Feb 18 01:36:32 UTC 1998
paul,
it sounds a good idea but is it possible?
I don't think cisco can filter by wrong SRC address bases.
^^^^^
you still can use still use any ip on the same segment.
(Big deal, huh? :-) )
Furthermore, it will cause some problem for Mobile IP stuff,
if I remember correctly.
regards,
tatsuya
On Tue, 17 Feb 1998, Bradley Reynolds wrote:
> > See RFC2267.
> >
> > - paul
> >
> >
> > > Good news.
> > >
> > > One more question (just is there is someone from the CISCO) - what's
> > > about source-address filtering at default for the access servers/routers?
> > > Note all this problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can
> > > be 100% blocked if ISP would not allow it's customers to send IP packets
> > > with the wrong SRC address. If not, they (hackers) should found new, new
> > > and new tricks to fraud any IP network.
> > >
> >
> You can apply the RPF idiom from multicast to block unicast
> flooding. This would instantly solve the problem, though I am
> not sure what overhead the path evaluation would incur.
>
> BR
>
> brad at iagnet.net
>
>
More information about the NANOG
mailing list