Usially the low-end traffic is symmetrical. The problem is that CEF code and other anty-frauding realisations are appearing for the high-end routers, white they are nessesary for the low-end routers and useless for the core routers. For cisco, we need this future for 4500/4700/3640/2511 ASAP, 720x slightly, and don't need it for 75xx at all. On Sat, 25 Apr 1998, Al Reuben wrote:
Date: Sat, 25 Apr 1998 12:30:50 -0400 (EDT) From: Al Reuben <alex@nac.net> To: Havard.Eidnes@runit.sintef.no Cc: jra@scfn.thpl.lib.fl.us, nanog@merit.edu Subject: Re: Network Operators and smurf
This should (naturally) be implemented where routing is symmetric and where a "reverse-path check" (looking up the source address in the routing table to find the "expected" incoming interface and checking whether the packet did indeed enter through that interface)
The big question is, what do you do if most of your traffic _is_ asymetrical? I mean, a more basic check could be, "Does the network that this packet was sourced from exist *at all*?", or "Do I have a route back to the source network through *any* interface?"
That would cut down on a good amount of spoofing, like the idiots who spoof from 1.1.1.1 etc.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)