North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf, the MCI-developed tracing tools
On Sun, Dec 28, 1997 at 09:17:28PM -0700, Dax Kelson wrote: > > > Adrian wrote: > > > But this way, people can only spoof IPs from their own block, and not > > > random addresses. It would kill smurf attacks, make tracing a tad(?) > > > easier, etc, etc. And as I've mentioned before, not all types of floods > > > are ICMP attacks. If you filter ICMP, then I'll start flooding with > > > spoofed source addresses TCP packets with random sequence numbers and from > > > IPs. What, you're going to ask routers to track all the TCP connections > > > going through them now for validation? Erm, how many CPUs more are we > > > going to need..? :) > > Something else that needs to be done is we need DEFAULT anti-spoof filters > on all dialin boxes such as those made by Livingston, Ascend, USR, etc. > > When a customer calls in and gets assigned an IP address the box should > automatically apply an anti-spoof filter to that port dropping any > packets with an IP source different than the one assigned. > > Of course you need a way to overide that for customers who have networks > routed to them. The box could the RADIUS "Framed-Route" entry as a hint > to which networks to forward IPs from. > > I've had an RFE in with Livingston for over a year to get that added to > ComOS. > > Dax Kelson > Internet Connect, Inc. Actually, if you have a "Framed-Route" entry, that's all you need. I'll talk to Livingston about this. They, uh, listen to our "suggestions"; we're a rather large user of their products. :-) -- -- Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex support on ALL modems Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost
|