Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Jay R. Ashworth
  • Date: Thu Aug 21 18:18:07 1997

On Thu, Aug 21, 1997 at 03:26:50PM -0500, Jon Green wrote:
> On Thu, 21 Aug 1997 13:18:34 -0700, fair@clock.org writes:
> >There is another mitigation: everyone here should commit to filtering
> >customer packets at the customer premesis router (or at the dial in for
> >PPP/SLIP) such that it is not possible for a customer to send a packet into
> >the network that has an IP source address on it that is not assigned to
> >that customer. That is, no more lying about source addresses.
> 
> Every time I show a customer of mine how to configure a router, I 
> try to educate them on this.  We need some kind of massive marketing
> effort to get this out to people though.  People would do it, but nobody
> knows about it.

Ok, here's a question:

A router knows the network number and mask of each network to which it
has an interface.  Does it not make sense that the default thing for
that router to do would be to trash incoming packets which carry a
source address not on the network associated with that interface. 

Certainly, you'd have to tell the router to accept all comers (except
locallly addressed packets) on the WAN interface, but you need to tell
it which interface is the default route _anyway_, so that's trivial.

And for people with multiple, routed networks behind a router, well,
they could probably be assumed to be bright enough to enable additional
net/masks for a given interface _anyway_, so that's not really a
problem either.

Someone tell me, from either a technical or marketing standpoint, why
this idea is infeasible, no?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "People propose, science studies, technology
Tampa Bay, Florida          conforms."  -- Dr. Don Norman      +1 813 790 7592




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.