North American Network Operators Group

Re: Router modifications to deal with smurf
> We request that your routers be configurable, at the interface
> level, to prevent the forwarding of an ICMP echo-request packet through an
> interface that has a broadcast or wire address that matches the
> destination address of that packet.

Modifications that cause the forwarding path to behave differently for some types of packets are *bad*. ICMP echo-requests should be treated identically to other sorts of packets. If you s/an ICMP echo-request/an IP/, then you have the same as "no ip directed-broadcast". Your wording is sufficiently vague such that I can't tell if that's what you meant or not. I don't know if you're trying to avoid being Cisco-specific, or if you're being vague for some other reason.

> We also request that the default configurations of your routers be
> modified to prevent said forwarding.

I don't have a problem with this.

> We request that your routers be configurable, both globally and
> at the interface level, with the interface configuration overriding the
> global configuration, to prevent the forwarding of an IP packet with a
> source network address different from the network address of the interface
> on which it was received. We also request that the default configurations
> of your routers be modified to prevent, globally, said forwarding.

I'd be concerned that having this as a default is not necessarily the right thing in sufficiently large numbers of situations as to make this a bad idea.

--jhawk
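
The two forwarding checks discussed in this message, modelled as an added example that is not part of the original post or of any router vendor's code. It contrasts the ICMP-echo-only wording of the request with the protocol-independent behaviour the reply equates with "no ip directed-broadcast", and applies the source-address check literally as worded. The `Packet` type, function names and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP, UDP = 1, 17          # IP protocol numbers
ECHO_REQUEST = 8           # ICMP type

@dataclass(frozen=True)
class Packet:              # hypothetical minimal packet model
    src: str
    dst: str
    proto: int
    icmp_type: Optional[int] = None

def is_directed_broadcast(dst: str, egress_net: str) -> bool:
    """dst equals the broadcast or wire (network) address of the egress subnet."""
    net = ipaddress.ip_network(egress_net)
    return ipaddress.ip_address(dst) in (net.broadcast_address, net.network_address)

def forward_echo_only(pkt: Packet, egress_net: str) -> bool:
    """Request as worded: only ICMP echo-requests are checked."""
    if pkt.proto == ICMP and pkt.icmp_type == ECHO_REQUEST:
        return not is_directed_broadcast(pkt.dst, egress_net)
    return True

def forward_any_ip(pkt: Packet, egress_net: str) -> bool:
    """With s/an ICMP echo-request/an IP/: every protocol is treated alike."""
    return not is_directed_broadcast(pkt.dst, egress_net)

def source_matches_ingress(pkt: Packet, ingress_net: str) -> bool:
    """Second request, applied literally: source must be on the receiving interface's network."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(ingress_net)

# Constructed sample traffic (documentation address ranges).
LAN = "192.0.2.0/24"
ECHO_BCAST = Packet("198.51.100.7", "192.0.2.255", ICMP, ECHO_REQUEST)
UDP_BCAST = Packet("198.51.100.7", "192.0.2.255", UDP)
ECHO_HOST = Packet("198.51.100.7", "192.0.2.10", ICMP, ECHO_REQUEST)

if __name__ == "__main__":
    for name, pkt in [("echo->bcast", ECHO_BCAST), ("udp->bcast", UDP_BCAST),
                      ("echo->host", ECHO_HOST)]:
        print(f"{name:12} echo-only={forward_echo_only(pkt, LAN)} "
              f"any-ip={forward_any_ip(pkt, LAN)}")
    # Same source seen on its own LAN interface and on a constructed /30 link.
    for net in ("198.51.100.0/24", "203.0.113.0/30"):
        print(f"src check on {net}: {source_matches_ingress(ECHO_HOST, net)}")
```

The two filters agree on the echo-request packets and differ only on the non-ICMP packet addressed to the subnet broadcast, which is the distinction the reply draws.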