|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Network Operators and smurf
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote: > >Dean, but I'd be happy to be proven wrong. > > There isn't a simple knob, but then it isn't simple to know what a forgery > is. You to have tell the router. The router doesn't know what you and > other people "own", but you can tell it. I'd say there isn't a way to make > a simple on/off knob for that, because there isn't any way to tell who you > will transit for and who you won't. > > Or, another perhaps better way is to only accept packets from your customer > networks which are sourced from those networks. Each customer interface > then has an inbound filter the blocks everything not sourced from your > customers network. That was the idea. I was, as noted, mostly talking about router interfaces with only one network (block) behind it. I gather a large part of it comes from dialups, where the remote network is a /32. in any event, I'm not sure I made the query explicit enough, from a couple of replies I got: the knob I'm specifically interested in says "don't forward packets with source addresses that can't be routed back out this port". Cheers, -- jra -- Jay R. Ashworth [email protected] Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Two words: Darth Doogie." -- Jason Colby, Tampa Bay, Florida on alt.fan.heinlein +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
|