North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: ICMP Attacks???????

  • From: Erik E. Fair" (Time Keeper)
  • Date: Thu Aug 21 17:05:17 1997

There is another mitigation: everyone here should commit to filtering
customer packets at the customer premesis router (or at the dial in for
PPP/SLIP) such that it is not possible for a customer to send a packet into
the network that has an IP source address on it that is not assigned to
that customer. That is, no more lying about source addresses.

Each of you should also consider (depending upon how your address
allocations go - this should be cheap for a single CIDR block) filtering
all packets coming at you from elsewhere that has source addresses in your
assigned address space. That is, no one should be able to send you packets
that you appear to have originated.

This is for the terminal networks, not the transit networks.

This is an old problem. It's another variant of the TCP SYN flood thing.
These filters also help with that problem too.

	Erik Fair <fair@clock.org>