North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: routing invalid IP addresses

  • From: Richard A Steenbergen
  • Date: Sat Feb 21 08:21:02 2004

On Sat, Feb 21, 2004 at 07:47:46AM -0500, Geo. wrote:
> We had an attack here last night and the attack traffic was coming from an
> IP address of x.x.255.x which isn't a valid IP address yet the traffic was
> being routed over the internet (as far as I can tell anyway). When I
> attempted to track down the source I found our cisco routers wouldn't accept
> the address as valid so it was not possible to null route or trace the
> traffic.

*GASP* Traffic with an invalid IP address being routed over the Internet? 
say it isn't so. Oh the humanity.

Actually, it is a perfectly valid IP address. You just need to turn on ip 

That means nothing however, as there is traffic with invalid source
addresses routed over the Internet all the time. Routing has nothing to do
with source IP, and everything to do with dest IP. If you want to filter
it, use an acl.

> Has anyone else ever seen this before? Clue me in?

I don't think an ordinary clue stick will do... Hrm perhaps a stick of 
clue dynamite is in order.

Richard A Steenbergen <[email protected]>
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)