Actions to quiet the Smurf amplifiers?
Danny McPherson
danny at tcb.net
Mon Oct 19 19:52:03 UTC 1998
ingress filtering .. that's a novel idea :-)
-danny
Phil Howard wrote:
>
>The method involves a software design change in the routers. For each
>arriving packet, in addition to doing a routing lookup based on the
>destination, also do a routing lookup based on the source address.
>If the interface the packet arrived on is NOT in the list of addresses
>that routing back to the source suggests, then discard the packet.
>That will drop the majority of packets before they even reach smurf
>amplifiers, as they are generally forge-sourced to the ultimate target
>of the attack. The first router hop with this implemented where the
>source address is invalid will stop the attack. The core backbone
>probably does not need to have this enabled, but all the leafs from it
>should to ensure no forged sources can get through.
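
The source-address check described in the quoted message, as an added example that is not part of the original thread: a toy forwarding table where a packet is accepted only if the interface it arrived on is one the router would use to reach the packet's source. The `Router` class, interface names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

class Router:
    """Toy FIB mapping prefix -> interfaces used to reach it (constructed)."""

    def __init__(self, routes):
        self.fib = [(ipaddress.ip_network(p), frozenset(ifs))
                    for p, ifs in routes.items()]
        # Most specific prefix first, so the first hit is the longest match.
        self.fib.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, ifs in self.fib:
            if ip in net:
                return ifs
        return frozenset()

    def accept(self, src, dst, in_if):
        # Extra lookup on the SOURCE: would we route back out the arrival port?
        if in_if not in self.lookup(src):
            return False, "drop: source not reachable via " + in_if
        out = self.lookup(dst)
        if not out:
            return False, "drop: no route to destination"
        return True, "forward via " + ",".join(sorted(out))

# Constructed leaf router: two customer ports and a default route upstream.
EDGE = Router({
    "192.0.2.0/24":    {"eth1"},   # customer A
    "198.51.100.0/24": {"eth2"},   # customer B
    "0.0.0.0/0":       {"eth0"},   # upstream / backbone
})

if __name__ == "__main__":
    packets = [
        # (source, destination, arrival interface)
        ("192.0.2.10",  "198.51.100.20",  "eth1"),  # genuine customer A traffic
        ("203.0.113.7", "198.51.100.255", "eth1"),  # forged source on customer port
        ("192.0.2.10",  "198.51.100.20",  "eth0"),  # customer A source from upstream
        ("203.0.113.7", "198.51.100.255", "eth0"),  # same forgery seen from upstream
    ]
    for src, dst, in_if in packets:
        print(in_if, src, "->", dst, EDGE.accept(src, dst, in_if))
```

The last packet is accepted because, from the upstream side, the default route makes any outside source look plausible; the forged packet is only caught on the leaf port where it first enters, which is why the check has to be enabled at the edges.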