Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Operators and smurf

  • From: Al Reuben
  • Date: Sat Apr 25 12:34:48 1998

> This should (naturally) be implemented where routing is symmetric
> and where a "reverse-path check" (looking up the source address in
> the routing table to find the "expected" incoming interface and
> checking whether the packet did indeed enter through that interface)

The big question is, what do you do if most of your traffic _is_
asymetrical? I mean, a more basic check could be, "Does the network that
this packet was sourced from exist *at all*?", or "Do I have a route back
to the source network through *any* interface?"

That would cut down on a good amount of spoofing, like the idiots who
spoof from 1.1.1.1 etc.






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.