|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Denial of Service Attack on Panix
On Mon, 16 Sep 1996 19:53:12 -0700 (PDT), [email protected] writes: > >On Mon, 16 Sep 1996, David J. Schmidt wrote: > >> Has someone come up with instructions on how to do source address >> filtering/verification for different brands of routers? It would be >> good if someone could put up a web page with complete instructions on >> how to do this. If this could be done quick enough we could possibly >> get the URL some publicity due to the current Panix attack. > >I would certainly publicize such a website. Although I think it would be >best if it was placed at some other site with info that ISP's should see >like perhaps www.ra.net. > >So far I've only seen Cisco filters posted. We still need to see >instructions for Livingston IRX, Bay, and Linux/FreeBSD ipfwadm Filters for Bay routers are not very difficult, owing to the graphical configuration tools. On one of my ethernet segments, all source addresses should be in the 167.142.0.0 range. Here is how I built a filter for this interface: In Site Manager, select the circuit that the filter will be applied to. Filters are built for traffic coming IN to the interface, so in this case I applied the filter to my ethernet interface. Once the interface is selected, select "Edit Circuit", then pull down Protocols->Edit IP->Traffic Filters. If this is the first filter of this type that you're creating, you'll need to create a filter template first. This template gets stored on your hard drive, so you can jump over to another router and apply the same filter template, just changing the appropriate addresses. Once you create a new template, you'll want to choose the following: Condition->IP Source Address 0.0.0.0 - 167.142.0.0 167.142.255.255 - 255.255.255.255 Action->Drop Action->Detailed Log (this is optional.. I use it) That's all there is to it. Once you create this template, then go back to the "IP Filters" screen and actually create the filter. When prompted for a template, use the one you just created. This method tells the router to allow that which you do not specifically deny. You can also create two filters, one saying "drop everything" and the other one telling it specifically what you want to allow. Personally, I prefer the first method because it seems more efficient.. Perhaps someone from Bay will comment on the optimal way to do this. No, it's not as easy to post instructions for a Bay Router as it is for a Cisco. On the other hand, it's *extremely* easy to create and manage filters using Site Manager. If anyone has questions on this, feel free to ask me or call me (515 830 0389). I've done it plenty of times and would be happy to help. -Jon ----------------------------------------------------------------- * Jon Green * Wide-Area Networking Technician * * [email protected] * Iowa Network Services, Inc. * * Finger for Geek Code/PGP * 312 8th Street, Suite 730 * * #include "std_disclaimer.h" * Des Moines, IA 50309 * ------------------------------------------------------------------------- - - - - - - - - - - - - - - - - -
|