Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Network Operators and smurf

  • From: Havard.Eidnes
  • Date: Sat Apr 25 12:37:34 1998

> > This should (naturally) be implemented where routing is symmetric
> > and where a "reverse-path check" (looking up the source address in
> > the routing table to find the "expected" incoming interface and
> > checking whether the packet did indeed enter through that interface)
>
> The big question is, what do you do if most of your traffic
> _is_ asymmetrical?

Well, in that case you can't apply this method.

It may however make sense to think of reengineering the network
so that those boxes which can't do this check sit "behind" such
an RPF-checking box.

> I mean, a more basic check could be, "Does the network that
> this packet was sourced from exist *at all*?", or "Do I have a
> route back to the source network through *any* interface?"
>
> That would cut down on a good amount of spoofing, like the
> idiots who spoof from 1.1.1.1 etc.

It would prevent simple spoofing, yes, but that would not
eliminate the Smurf attacks since to mount a Smurf attack you
need to use the victim's address as your source address, and that
one *is* typically "valid" according to the criteria you mention
above (?).

- Håvard
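
The two checks discussed in this message, as an added example that is not part of the original post: a strict reverse-path check and the looser "any route back" check, run over a constructed routing table and constructed packets. The prefixes, interface names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table (prefix -> interface the route points out of).
# Prefixes and interface names are assumptions, not from the original post.
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), "cust0"),     # attached customer
    (ipaddress.ip_network("198.51.100.0/24"), "peer0"),  # remote network
    (ipaddress.ip_network("203.0.113.0/24"), "peer0"),   # remote network
]

def expected_interface(src):
    """Longest-prefix match on the source address; None if no route exists."""
    addr = ipaddress.ip_address(src)
    hits = [(net.prefixlen, ifc) for net, ifc in ROUTES if addr in net]
    return max(hits)[1] if hits else None

def loose_check(src, in_if):
    """'Do I have a route back through *any* interface?'"""
    return expected_interface(src) is not None

def strict_check(src, in_if):
    """Reverse-path check: did the packet enter via the expected interface?"""
    return expected_interface(src) == in_if

# Constructed packets: (label, source address, interface it arrived on).
PACKETS = [
    ("customer, own address", "192.0.2.10", "cust0"),
    ("customer, unrouted source", "1.1.1.1", "cust0"),
    ("customer, source set to a remote host", "198.51.100.7", "cust0"),
    ("remote host, asymmetric return path", "203.0.113.5", "peer1"),
]

def evaluate():
    """Return {label: (loose_result, strict_result)} for every packet."""
    return {label: (loose_check(s, i), strict_check(s, i))
            for label, s, i in PACKETS}

if __name__ == "__main__":
    for label, (loose, strict) in evaluate().items():
        print(f"{label:40} loose={'pass' if loose else 'drop'} "
              f"strict={'pass' if strict else 'drop'}")
```

The third packet is the Smurf case from the message: its source is routable, so only the strict check drops it. The fourth shows the same strict check dropping legitimate traffic once routing is asymmetric.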



