North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Automatic filtering - CISCO, you should think about this...
- From: Karl Denninger
- Date: Sun Dec 28 14:06:22 1997
Hi CISCO :-)
I know this isn't their list, but since most major network providers run
their stuff, this is as good a place as any to talk about this.
How about an interface keyword such as "auto-inbound-filter", which does
At STARTUP and when the LOCAL route table changes (ie: "ip route
xxx..." statements) the system looks at the interfaces, and the
local static routes, and builds an accept list for that interface.
The list is stored in a "reserved" set of system access lists.
Add a parmaeter which can be turned on (ie: log) which would add
"log" to the end of the filter lists, so that anyone TRYING to smurf
will get logged
This would totally automate the process of inbound filtering to prevent or
severely limit smurf attacks.
Since filters which are based only on the source address are relatively
cheap for the router to process, this would likely not seriously burden
anyone in their direct connections.
I'd love to see something like this, and it would reduce the complaint that
its "too hard to manage" such things.
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service
| NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost