
Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Automatic filtering - CISCO, you should think about this...

  • From: Karl Denninger
  • Date: Sun Dec 28 14:06:22 1997

Hi CISCO :-)

I know this isn't their list, but since most major network providers run
their stuff, this is as good a place as any to talk about this.

How about an interface keyword such as "auto-inbound-filter", which does

	At STARTUP and when the LOCAL route table changes (ie: "ip route
	xxx..." statements) the system looks at the interfaces, and the 
	local static routes, and builds an accept list for that interface.
	The list is stored in a "reserved" set of system access lists.

	Add a parameter which can be turned on (ie: log) which would add
	"log" to the end of the filter lists, so that anyone TRYING to smurf
	will get logged.

This would totally automate the process of inbound filtering to prevent or
severely limit smurf attacks.

Since filters which are based only on the source address are relatively
cheap for the router to process, this would likely not seriously burden 
anyone in their direct connections.

I'd love to see something like this, and it would reduce the complaint that
it's "too hard to manage" such things.

Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
			     | T1's from $600 monthly to FULL DS-3 Service
			     | NEW! K56Flex support on ALL modems
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost
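
The accept-list construction proposed in the message above, sketched as an added example (not part of the original post and not Cisco code): it reads interface addresses and local static routes, then emits a source-address filter per interface in IOS extended access-list syntax. The sample configuration, the starting list number 150 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample configuration using documentation prefixes (not from the post).
SAMPLE_CONFIG = """\
interface Serial0
 ip address 192.0.2.1 255.255.255.252
interface Serial1
 ip address 192.0.2.5 255.255.255.252
ip route 198.51.100.0 255.255.255.0 192.0.2.2
ip route 203.0.113.0 255.255.255.128 Serial1
ip route 10.0.0.0 255.0.0.0 Null0
"""

def parse(config):
    """Return ({interface: connected network}, [(static prefix, target)])."""
    connected, statics, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current:
            connected[current] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "route"]:
            statics.append((ipaddress.ip_network(f"{words[2]}/{words[3]}"), words[4]))
    return connected, statics

def build_accept_lists(config, first_acl=150, log=False):
    """One accept list per interface: connected net plus statics routed via it."""
    connected, statics = parse(config)
    allowed = {name: [net] for name, net in connected.items()}
    for prefix, target in statics:
        if target in allowed:                  # route names the interface directly
            allowed[target].append(prefix)
            continue
        try:
            hop = ipaddress.ip_address(target) # route names a next-hop address
        except ValueError:
            continue                           # e.g. Null0: no addressed interface
        for name, net in connected.items():
            if hop in net:
                allowed[name].append(prefix)
    lists = {}
    for number, name in enumerate(sorted(allowed), start=first_acl):
        nets = ipaddress.collapse_addresses(allowed[name])
        lines = [f"access-list {number} permit ip {n.network_address} {n.hostmask} any"
                 for n in nets]
        # Everything else is a source that should never arrive on this interface.
        lines.append(f"access-list {number} deny ip any any" + (" log" if log else ""))
        lists[name] = lines
    return lists
```

Re-running `build_accept_lists` whenever an `ip route` statement changes corresponds to the "when the LOCAL route table changes" trigger in the proposal.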
