North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Smurfing
paul, it sounds a good idea but is it possible? I don't think cisco can filter by wrong SRC address bases. ^^^^^ you still can use still use any ip on the same segment. (Big deal, huh? :-) ) Furthermore, it will cause some problem for Mobile IP stuff, if I remember correctly. regards, tatsuya On Tue, 17 Feb 1998, Bradley Reynolds wrote: > > See RFC2267. > > > > - paul > > > > > > > Good news. > > > > > > One more question (just is there is someone from the CISCO) - what's > > > about source-address filtering at default for the access servers/routers? > > > Note all this problems (SMURF, DENIAL-ATTACK, DNS-FRAUDING, etc etc) can > > > be 100% blocked if ISP would not allow it's customers to send IP packets > > > with the wrong SRC address. If not, they (hackers) should found new, new > > > and new tricks to fraud any IP network. > > > > > > You can apply the RPF idiom from multicast to block unicast > flooding. This would instantly solve the problem, though I am > not sure what overhead the path evaluation would incur. > > BR > > [email protected] > >
|