25 Sep
2006
25 Sep
'06
4:35 p.m.
At 10:06 25/09/2006, Ian Mason wrote:
One of the largest North American network providers filters/drops ICMP messages so that they only pass those with a source IP address that appears in their routing table.
This is clearly reasonable as part of an effort to mitigate ICMP based network abuse.
As a matter of fact, most ICMP-based attacks don't require spoofing of the source IP address. You do have to spoof the addresses in the "original datagram" included in the ICMP payload, though. Kindest regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1