fernando at frh.utn.edu.ar
Mon Sep 25 20:35:13 UTC 2006
At 10:06 25/09/2006, Ian Mason wrote:
>>One of the largest North American network providers filters/drops
>>ICMP messages so that they only pass those with a source IP
>>address that appears in their routing table.
>This is clearly reasonable as part of an effort to mitigate ICMP
>based network abuse.
As a matter of fact, most ICMP-based attacks don't require spoofing
of the source IP address. You do have to spoof the addresses in the
"original datagram" included in the ICMP payload, though.
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the NANOG