Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: [nsp] known networks for broadcast ping attacks

  • From: Greg Ketell
  • Date: Tue Aug 12 13:32:09 1997


At 05:14 PM 8/12/97 +0100, you wrote:
>> All this talk of spoofing is getting me a bit confused.  What exactly is
>> the difference between source-routing and spoofing?
>> Just trying to understand a bit more,
>> Charles

 [Rtr A] --------- | internet cloud  |  -----------[Rtr B]
                                            |----------[Rtr C]

Some hacker connected to Rtr C sends a packet to Rtr B altering 
the packet so the source address says it came from Rtr B.  If 
your (you are behind B) filters don't block packets from the 
internet coming from yourself then the hacker is into your 

Source Routing:
Hacker is behind C.  He finds out that you fully trust A and do 
no filtering for A.  He sends packets to your network via Rtr A.
In this case they go from C to A to B but the hacker does not 
have to be smart enough to alter the packets, he just sets the 
source route option and he is into your network.

So, as protection for others you turn off source routing.  As 
protection for yourself you set up filters that say "deny all 
inbound packets coming from my network".  As further protection 
for others you set up filters that say "deny all outbound packets 
that are Not from my network".  If all ISPs were to do this last 
one then hacking would pretty much stop because hackers would be 
caught in a second.

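The three protections described in the message above (refuse source-routed packets, deny inbound packets that claim a local source, deny outbound packets with a non-local source), as an added example that is not part of the original post. The prefix 192.0.2.0/24, the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

MY_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed local prefix (documentation range)
LSRR, SSRR = 131, 137                           # IPv4 loose / strict source route option types

def build_header(src, dst, options=b""):
    """Construct a minimal IPv4 header as sample input (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)    # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

def has_source_route(header):
    """Walk the IPv4 options area looking for an LSRR or SSRR option."""
    ihl = (header[0] & 0x0F) * 4
    i = 20
    while i < ihl:
        opt = header[i]
        if opt == 0:                            # End of Option List
            break
        if opt == 1:                            # No-Operation is a single byte
            i += 1
            continue
        if opt in (LSRR, SSRR):
            return True
        if i + 1 >= ihl or header[i + 1] < 2:   # malformed length, stop parsing
            break
        i += header[i + 1]
    return False

def verdict(header, direction):
    """Apply the three rules from the post; direction is 'in' or 'out'."""
    if len(header) < 20 or len(header) < (header[0] & 0x0F) * 4:
        return "deny: truncated header"
    src = ipaddress.ip_address(header[12:16])
    if has_source_route(header):
        return "deny: source-routed"
    if direction == "in" and src in MY_NET:
        return "deny: inbound packet claims local source"
    if direction == "out" and src not in MY_NET:
        return "deny: outbound packet with foreign source"
    return "permit"

# Constructed sample option: LSRR, length 7, pointer 4, one hop (stands in for "via Rtr A")
LSRR_VIA_A = bytes([LSRR, 7, 4]) + ipaddress.ip_address("198.51.100.1").packed
```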

