Re: How to protect registered IP addresses
On Thu, Mar 13, 1997, 3:39:29 AM PST George Herbert wrote:
I believe you can just deny by default and allow traffic from the registered address blocks under each interface, on incoming interfaces at your central router (and sub-routers). Nice short list.
-george william herbert gherbert@crl.com
This is obviously better than nothing, and probably the most practical solution, but most networks have holes in their allocated blocks. Wouldn't some sort of authentication scheme (RADIUS/TACACS or maybe Kerberos) be a better solution? More complicated for sure. The idea would be to check the connection request to the outgoing router against some sort of database, then expire the token after its use. The real trick to this is checking only the initial request. Something more in the realm of switching authentication... Anyone have any ideas how something as large as a class B with say 30% address utilization on scattered addresses (non-contiguous) could be rapidly verified without checking every packet?

Thanks for your indulgence,

Chris Cook
Network Engineer
__________________________________________________________________________
Net Asset Network Operations Center
1315 Van Ness Ave., Suite 103
Fresno CA 93721
209/225-0222
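The deny-by-default, allow-registered-blocks interface filter George describes, applied to the sparse class B Chris asks about, as an added example that is not part of this thread. It assumes a constructed allocation inside private 172.16.0.0/16 standing in for a registered block; the point is that the permit list stays short after prefix aggregation and that packets are matched statelessly, while the "holes" Chris mentions are simply what the filter drops.

```python
import ipaddress
from typing import Iterable, List

IPv4Net = ipaddress.IPv4Network

# Constructed sample: a class B (private space as a stand-in for the real
# registered block) with only a few non-contiguous subnets actually assigned.
CLASS_B = "172.16.0.0/16"
REGISTERED_SUBNETS = [
    "172.16.0.0/24", "172.16.1.0/24",   # adjacent /24s, aggregate to one /23
    "172.16.8.0/22",
    "172.16.40.0/24",
    "172.16.200.0/24",
]

def build_allowlist(subnets: Iterable[str]) -> List[IPv4Net]:
    """Collapse the registered blocks into the shortest equivalent prefix list:
    this is the 'permit' part of a deny-by-default interface filter."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))

def ingress_decision(src: str, allowlist: List[IPv4Net]) -> str:
    """Deny by default; accept only sources inside a registered block.
    One prefix match per packet, no per-connection state or token needed."""
    addr = ipaddress.ip_address(src)
    return "allow" if any(addr in net for net in allowlist) else "deny"

def unregistered_space(block: str, allowlist: List[IPv4Net]) -> List[IPv4Net]:
    """The holes inside the block: addresses the filter drops even though they
    sit in the organisation's allocation (why a bare /16 permit is too loose)."""
    remaining = [ipaddress.ip_network(block)]
    for net in allowlist:
        carved = []
        for r in remaining:
            if net == r or r.subnet_of(net):
                continue                      # this piece is fully registered
            if net.subnet_of(r):
                carved.extend(r.address_exclude(net))
            else:
                carved.append(r)
        remaining = carved
    return list(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    rules = build_allowlist(REGISTERED_SUBNETS)
    print("permit rules:", [str(n) for n in rules])
    for src in ("172.16.1.77", "172.16.12.1", "10.0.0.1"):
        print(src, ingress_decision(src, rules))
    print("holes:", [str(n) for n in unregistered_space(CLASS_B, rules)])
```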
Princeton has a piece of code that ARP bombs unregistered hosts. IPs that are broken get sent an ARP packet with the same IP and an ethernet address of 00:00:00:de:ad or something. This is usually enough to disable Windows 95 boxes (since they do a RARP call when they boot up to check for duplicates) and some other OSes too. This provides a quick filter before actually blocking things at the router level, which is more expensive. Of course the clueful can easily get around this, but hey.

-Tung-Hui Hu / Arc Four / hhui@arcfour.com