North American Network Operators Group

Re: ICMP Attacks???????

  • From: Josh Beck
  • Date: Thu Aug 21 21:26:17 1997

> A router knows the network number and mask of each network to which it
> has an interface.  Does it not make sense that the default thing for
> that router to do would be to trash incoming packets which carry a
> source address not on the network associated with that interface?

Given the predominance of Ascend in the marketplace, and their general
configuration style, it would be cool to see an option
"AllowIpSpoofing=Yes/No" or the like. The boxes already carry routes
associated with each interface. If a packet arrives that doesn't have a
route to get it back to the interface it came from, it would be dropped.
Sure, this may not always be what you want, but in 99% of the cases it
would be. Implementation via RADIUS would permit this to be removed from
people you wish to allow to spoof. :)

Josh Beck                                         [email protected]
----------------------------------------------------------------------
CONNECTNet INS, Inc.      Phone: (619)450-0254      Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208                       San Diego, CA 92121
----------------------------------------------------------------------
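
The check proposed in the message above, as an added example that is not part of the original post and is not Ascend code: a packet is forwarded only if the route back to its source address points out the interface it arrived on. The routing table, interface names and the per-interface exemption map are constructed for illustration, and using the longest-prefix (best) route for the comparison is an assumption.

```python
import ipaddress

# Constructed routing table (prefix, interface); documentation addresses only.
ROUTES = [
    ("192.0.2.0/24", "wan1"),       # customer A
    ("198.51.100.0/24", "wan2"),    # customer B
    ("198.51.100.128/25", "wan3"),  # more-specific route via another port
    ("0.0.0.0/0", "uplink"),        # default route
]

# Hypothetical per-interface setting modelled on the option proposed in the
# post; an interface not listed behaves as "No" (spoofed sources are dropped).
ALLOW_IP_SPOOFING = {"wan3": True}


def return_interface(src, routes=ROUTES):
    """Longest-prefix match: the interface a reply to `src` would leave by."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def accept(src, in_iface, routes=ROUTES, allow=ALLOW_IP_SPOOFING):
    """Return True to forward the packet, False to drop it."""
    if allow.get(in_iface, False):
        return True  # exemption, e.g. supplied per user from RADIUS
    return return_interface(src, routes) == in_iface


if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    samples = [
        ("192.0.2.10", "wan1"),      # source belongs behind wan1
        ("203.0.113.5", "wan1"),     # route back is the uplink, not wan1
        ("198.51.100.200", "wan2"),  # best route back is wan3 (asymmetric)
        ("203.0.113.5", "wan3"),     # wan3 is exempt from the check
    ]
    for src, iface in samples:
        verdict = "forward" if accept(src, iface) else "drop"
        print(f"{src:>15} on {iface:<6} -> {verdict}")
```

The third sample is the case the post concedes: a source that is legitimately reachable through wan2 is dropped because the best return route uses another port, which is what the per-interface exemption is for.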