North American Network Operators Group
Re: SYN spoofing
- From: batz
- Date: Wed Jul 28 15:23:45 1999
On Wed, 28 Jul 1999, Joe Shaw wrote:
:Any provider who allows the passing of address space that isn't his own
:(beyond whatever transit they may provide to their peers) is shameful.
:How hard is it really to put a filter on your outbound links that says
:drop all ip traffic heading out these links that isn't from my IP space?
:It's just like martian filters for your inbound links, and we'd see a
:significant decrease in spoofing based attacks if it was more widely
:adopted. Not to mention it'll keep peers from dumping traffic on you.
As far as I can tell, if the RST packets are hitting their firewall,
it isn't just a case of filtering packets with a dst of an rfc1918
If someone is spoofing a scan from 10/8, and the responses are hitting
an interface on a firewall, that means that there is a route for 10/8
somewhere in that AS pointing to that firewall, which also means that
someone is allowing their customers to leak that route to them.
This is a much worse problem than simply not filtering individual packets.
I think that most of the net knows not to announce rfc1918 addrs via
bgp, it just seems that some providers are allowing these routes to
pollute their IGP which, depending on the size of the AS, is just
Chief Reverse Engineer
Superficial Intelligence Research Division
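
Added example, not part of the original thread: a small Python audit of the two conditions discussed above, a learned route for RFC 1918 space (which is what lets replies to a spoofed 10/8 source reach a firewall interface) and an outbound source-address filter. The route table, neighbor names and prefixes are constructed; the addresses are documentation ranges.

```python
import ipaddress

# RFC 1918 private blocks that should never show up as learned routes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: (prefix, next_hop, learned_from). Names are hypothetical.
ROUTES = [
    ("192.0.2.0/24", "local", "local"),
    ("198.51.100.0/24", "203.0.113.1", "customer-a"),
    ("10.0.0.0/8", "203.0.113.9", "customer-b"),  # leaked route toward a firewall
]
OWN_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]  # constructed "my IP space"

def parse(routes):
    """Turn string tuples into (ip_network, next_hop, learned_from)."""
    return [(ipaddress.ip_network(p), nh, src) for p, nh, src in routes]

def leaked_private_routes(routes):
    """IPv4 routes inside RFC 1918 space that were learned from a neighbor.

    subnet_of() is used rather than overlaps() so a default route is not flagged.
    """
    return [(str(net), nh, src) for net, nh, src in parse(routes)
            if src != "local" and net.version == 4
            and any(net.subnet_of(block) for block in RFC1918)]

def next_hop_for(dst, routes):
    """Longest-prefix match: where a reply to dst is forwarded, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, nh) for net, nh, _ in parse(routes) if addr in net]
    return max(matches)[1] if matches else None

def egress_permitted(src, own_prefixes):
    """Outbound filter: pass only packets sourced from our own address space."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in own_prefixes)

if __name__ == "__main__":
    for prefix, nh, src in leaked_private_routes(ROUTES):
        print(f"leaked private route {prefix} via {nh} learned from {src}")
    print("reply to 10.1.2.3 goes to:", next_hop_for("10.1.2.3", ROUTES))
    print("egress from 10.1.2.3 permitted:", egress_permitted("10.1.2.3", OWN_PREFIXES))
```

With the leaked route removed, `next_hop_for` returns `None` for 10.1.2.3 in this default-free table, so the replies would have nowhere to go.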