Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Ping flooding (fwd)

  • From: George Herbert
  • Date: Tue Jul 09 17:08:27 1996

>>If you have a very restrictive security policy, then you might want to 
>>place a packet filter on all outgoing traffic.  If your network is 
>>10.1.1.64/26, then you might have the following two rules:
>>[...]
>>Say that person X, the person who owns the network from which these pings 
>>are apparently originating, did have such a filter.  What does this do?  
>>It proves that the packets are not originating on his network.  Does it 
>>stop anyone else from forging these packets?  No.
>
>Actually it doesn't prove that.  The filter would /allow/ the pavckets to
>pass through the router since they were coming from one of his networks.  If
>everyone else on the planet had such a rule it would prove that it /was/
>coming from him.

It doesn't prevent someone at another ISP from doing that sort of attack,
but it does prevent that sort of attack from origionating at your site
using faked source addresses to cause someone else problems tracking it down.
It's not a defense for you per se, it's a defense for the rest of the net
from you.  Responsible net citizenship and all that...


-george william herbert
gherbert@crl.com

- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.