Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Jon Green
  • Date: Thu Aug 21 18:46:18 1997

On Thu, 21 Aug 1997 17:39:53 -0400, jra@scfn.thpl.lib.fl.us writes:

>A router knows the network number and mask of each network to which it
>has an interface.  Does it not make sense that the default thing for
>that router to do would be to trash incoming packets which carry a
>source address not on the network associated with that interface. 

I don't think that's a good idea.  The vast majority of routers that
I sell to customers are not used in Internet applications, and to add
another configuration step to enable the router to do what routers
traditionally do by default would be very confusing to the end user.
No, I think the answer really is to get some sample anti-spoofing filters
into the router documentation and find a good way to get people to
read it.  There are lots of "how to configure your router for the Internet"
types of tutorials out there, and outbound filtering should be part
of every one of them.

-Jon

     -----------------------------------------------------------------
    *      Jon Green            *         "Life's a dance             *
   *   jcgreen@netINS.net       *          you learn as you go"        *
  *  Finger for Geek Code/PGP   *                                       *
 *  #include "std_disclaimer.h" * http://www.netins.net/showcase/jcgreen *
 -------------------------------------------------------------------------




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.