icmp rpf

Fernando Gont fernando at frh.utn.edu.ar
Mon Sep 25 20:35:13 UTC 2006

At 10:06 25/09/2006, Ian Mason wrote:

>>One of the largest North American network providers filters/drops
>>ICMP messages so that they only pass those with a source IP
>>address that appears in their routing table.
>This is clearly reasonable as part of an effort to mitigate ICMP
>based network abuse.

As a matter of fact, most ICMP-based attacks don't require spoofing 
of the source IP address. You do have to spoof the addresses in the 
"original datagram" included in the ICMP payload, though.

Kindest regards,

Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the NANOG mailing list