Re: Actions to quiet the Smurf amplifiers?
ingress filtering .. that's a novel idea :-)

-danny

Phil Howard wrote:
> The method involves a software design change in the routers. For each arriving packet, in addition to doing a routing lookup based on the destination, also do a routing lookup based on the source address. If the interface the packet arrived on is NOT in the list of addresses that routing back to the source suggests, then discard the packet. That will drop the majority of packets before they even reach smurf amplifiers, as they are generally forge-sourced to the ultimate target of the attack. The first router hop with this implemented where the source address is invalid will stop the attack. The core backbone probably does not need to have this enabled, but all the leafs from it should to ensure no forged sources can get through.
Danny McPherson writes...
> ingress filtering .. that's a novel idea :-)

"smart" ingress filtering, as opposed to hard coded filtering, which is already done a lot. It would come at some costs, as every packet would have to have 2 routing lookups done for it, one of which must return or compare against all routes, not just the best route.

--
Phil Howard KA9WGN
Inturnet, Inc. | Director of Internet Services
Business Internet Solutions | eng at intur.net | philh at intur.net
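The source-address lookup described in the thread, as an added example (not code from either poster): a longest-prefix routing table, a "strict" check that accepts the packet only if it arrived on an interface of the best route back to the source (all equal-cost paths kept, per Phil's note), and a "loose" check that compares against every route covering the source. The prefixes, interface names and sample packets are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table: (prefix, outgoing interface). The duplicate
# 198.51.100.0/24 entry models two equal-cost paths to the same customer.
ROUTES = [
    (ip_network("0.0.0.0/0"), "uplink0"),        # default route toward the core
    (ip_network("192.0.2.0/24"), "cust1"),       # customer 1 (RFC 5737 space)
    (ip_network("198.51.100.0/24"), "cust2"),    # customer 2, path A
    (ip_network("198.51.100.0/24"), "cust2b"),   # customer 2, path B
    (ip_network("203.0.113.0/24"), "uplink0"),   # remote prefix reached via core
]

def lookup(addr, routes=ROUTES):
    """Interfaces of the longest-prefix match for addr (all equal-cost entries)."""
    a = ip_address(addr)
    matches = [(net, ifc) for net, ifc in routes if a in net]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _ in matches)
    return [ifc for net, ifc in matches if net.prefixlen == longest]

def all_path_interfaces(addr, routes=ROUTES):
    """Interfaces of every route covering addr, not only the best one."""
    a = ip_address(addr)
    return sorted({ifc for net, ifc in routes if a in net})

def reverse_path_ok(src, in_ifc, mode="strict", routes=ROUTES):
    """True if the arrival interface is one that routes back toward src."""
    ifcs = lookup(src, routes) if mode == "strict" else all_path_interfaces(src, routes)
    return in_ifc in ifcs

def filter_packets(packets, mode="strict", routes=ROUTES):
    """Apply the source check to (src, dst, in_ifc) tuples; return the survivors."""
    return [p for p in packets if reverse_path_ok(p[0], p[2], mode, routes)]

# Constructed sample traffic. The third packet carries a forged source (the
# would-be attack target) and arrives from a customer port that cannot reach it.
PACKETS = [
    ("192.0.2.10", "203.0.113.255", "cust1"),      # legitimate customer 1 traffic
    ("198.51.100.7", "203.0.113.255", "cust2b"),   # legitimate, second equal-cost path
    ("203.0.113.5", "198.51.100.255", "cust1"),    # forged source, dropped at first hop
    ("192.0.2.10", "203.0.113.255", "cust2"),      # customer 1 address on customer 2 port
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "accept" if reverse_path_ok(p[0], p[2]) else "drop")
```

Because the default route points at uplink0, any source arriving on uplink0 passes both modes, which is why the check pays off on the leaf interfaces rather than in the core, as the thread says.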