North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: icmp rpf
At 10:06 25/09/2006, Ian Mason wrote:
As a matter of fact, most ICMP-based attacks don't require spoofing of the source IP address. You do have to spoof the addresses in the "original datagram" included in the ICMP payload, though.One of the largest North American network providers filters/drops ICMP messages so that they only pass those with a source IP address that appears in their routing table.This is clearly reasonable as part of an effort to mitigate ICMP based network abuse.
e-mail: firstname.lastname@example.org || email@example.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1