North American Network Operators Group
Re: smurf, the MCI-developed tracing tools
> Adrian wrote:
> > But this way, people can only spoof IPs from their own block, and not
> > random addresses. It would kill smurf attacks, make tracing a tad(?)
> > easier, etc, etc. And as I've mentioned before, not all types of floods
> > are ICMP attacks. If you filter ICMP, then I'll start flooding with
> > spoofed source addresses TCP packets with random sequence numbers and from
> > IPs. What, you're going to ask routers to track all the TCP connections
> > going through them now for validation? Erm, how many CPUs more are we
> > going to need..? :)

Something else that needs to be done is we need DEFAULT anti-spoof filters on all dialin boxes such as those made by Livingston, Ascend, USR, etc.

When a customer calls in and gets assigned an IP address the box should automatically apply an anti-spoof filter to that port dropping any packets with an IP source different than the one assigned.

Of course you need a way to override that for customers who have networks routed to them. The box could use the RADIUS "Framed-Route" entry as a hint to which networks to forward IPs from.

I've had an RFE in with Livingston for over a year to get that added to ComOS.

Dax Kelson
Internet Connect, Inc.
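Added example, not part of the original message and not ComOS or any vendor's code: a sketch of the per-port filter described above, permitting the assigned address plus any networks named in Framed-Route. The function names, the sample addresses and the choice to ignore a zero-length (default) route are assumptions made for the illustration.

```python
import ipaddress

def parse_framed_route(value):
    """Return the destination network of a RADIUS Framed-Route string.

    The attribute reads "prefix[/len] gateway metric...". Without a length,
    RFC 2865 falls back to the classful default (8, 16 or 24 bits).
    """
    prefix = value.split()[0]
    if "/" not in prefix:
        first_octet = int(prefix.split(".")[0])
        length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
        prefix = f"{prefix}/{length}"
    return ipaddress.ip_network(prefix, strict=False)

def build_port_filter(framed_ip, framed_routes=()):
    """Source networks a dial-in port may send from (hypothetical helper)."""
    allowed = [ipaddress.ip_network(f"{framed_ip}/32")]
    for route in framed_routes:
        net = parse_framed_route(route)
        # Assumption: a default route must not widen the filter to "any".
        if net.prefixlen > 0:
            allowed.append(net)
    return allowed

def permit(allowed, src):
    """True if a packet with source address src may enter on this port."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed)

# Constructed sample sessions (documentation and private address ranges).
plain_port = build_port_filter("192.0.2.17")
routed_port = build_port_filter(
    "192.0.2.18",
    ["198.51.100.0/24 192.0.2.18 1",   # explicit prefix length
     "172.16.0.0 192.0.2.18 1",        # no length: classful /16
     "0.0.0.0/0 192.0.2.18 1"],        # ignored, see assumption above
)

if __name__ == "__main__":
    for port, src in [(plain_port, "192.0.2.17"), (plain_port, "203.0.113.5"),
                      (routed_port, "198.51.100.9"), (routed_port, "172.16.200.1"),
                      (routed_port, "203.0.113.5")]:
        print(src, "forward" if permit(port, src) else "drop")
```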