icmp rpf

Fernando Gont fernando at frh.utn.edu.ar
Mon Sep 25 20:35:13 UTC 2006


At 10:06 25/09/2006, Ian Mason wrote:

>>One of the largest North American network providers filters/drops
>>ICMP messages so that they only pass those with a source IP
>>address that appears in their routing table.
>
>This is clearly reasonable as part of an effort to mitigate ICMP
>based network abuse.

As a matter of fact, most ICMP-based attacks don't require spoofing 
of the source IP address. You do have to spoof the addresses in the 
"original datagram" included in the ICMP payload, though.

Kindest regards,

--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1








More information about the NANOG mailing list