Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Operators and smurf

  • From: Alex P. Rudnev
  • Date: Mon Apr 27 06:45:04 1998

Usially the low-end traffic is symmetrical. The problem is that CEF code 
and other anty-frauding realisations are appearing for the high-end 
routers, white they are nessesary for the low-end routers and useless for 
the core routers. For cisco, we need this future for 4500/4700/3640/2511 
ASAP, 720x slightly, and don't need it for 75xx at all.

On Sat, 25 Apr 1998, Al Reuben wrote:

> Date: Sat, 25 Apr 1998 12:30:50 -0400 (EDT)
> From: Al Reuben <>
> To:
> Cc:,
> Subject: Re: Network Operators and smurf
> > This should (naturally) be implemented where routing is symmetric
> > and where a "reverse-path check" (looking up the source address in
> > the routing table to find the "expected" incoming interface and
> > checking whether the packet did indeed enter through that interface)
> The big question is, what do you do if most of your traffic _is_
> asymetrical? I mean, a more basic check could be, "Does the network that
> this packet was sourced from exist *at all*?", or "Do I have a route back
> to the source network through *any* interface?"
> That would cut down on a good amount of spoofing, like the idiots who
> spoof from etc.

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.