On Wed, 2006-09-27 at 12:41 -0400, Curtis Villamizar wrote:
> In message <[EMAIL PROTECTED]>
> Iljitsch van Beijnum writes:
> >
> > Now if this proposed wg can find a way for me to recognize spoofed
> > packets when they enter my networks without cooperation from the
> > source and intermediate networks, I'm all ears.
>
> Create a filter at each ingress to your network taking unassigned (and
> optionally also unreachable) address space. The minimal data
> collection is incrementing a counter. You may also want to blackhole
> the traffic with invalid source address but you don't need to do that
> to do the data collection. Just counting the filter hits may be all
> you want to do. If you see a spike in that traffic, notify the peer.
> If they do the same, it leads back toward the source of spoofed
> attacks.
That's not the universal method Iljitsch asked for. What about attacks spoofing the victim (valid address), using reflection and/or amplification through services like e.g. DNS? Methods like the detection and peer notification you describe involve manual operations. That's nowhere near the sub-second response times you'd expect from modern network services.

//per
-- 
Per Heldal - http://heldal.eml.cc/
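To make the two positions in this exchange concrete, here is an added example (written for this page, not code from Curtis, Per or any IETF work) that implements the counting procedure Curtis describes: packets whose source address falls in a bogon list are counted per ingress peer, and an ingress whose count jumps well above its recent baseline is flagged for a peer notification. The same run also shows Per's objection: the constructed third interval contains a reflection flood whose source is a legitimate resolver and whose destination is the spoofed victim, and the bogon counter for that peer never moves. The bogon list, peer names, flow records, the 5x/100-packet spike thresholds and the 198.51.100.0/24 and 203.0.113.0/24 prefixes being treated as assigned space are all constructed assumptions for the demo.

```python
"""Per-ingress counter of filter hits on packets with unassigned/unroutable
source addresses, plus a simple spike detector. All data is constructed."""
import ipaddress
from collections import Counter

# Constructed bogon list for the demo: RFC 1918, loopback, link-local,
# "this network" and reserved class E. A production list must be kept current.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4",
)]


def is_bogon_source(src: str) -> bool:
    """True when the source address should never arrive on an ingress link."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_PREFIXES)


def count_filter_hits(flows):
    """flows: iterable of (ingress, src, dst, packets).
    Returns packets per ingress whose source matched the filter: this is the
    "increment a counter" data collection from the quoted message."""
    hits = Counter()
    for ingress, src, _dst, pkts in flows:
        if is_bogon_source(src):
            hits[ingress] += pkts
    return hits


def detect_spikes(history, current, factor=5, floor=100):
    """Compare this interval's hit counts with the mean of earlier intervals.
    Returns the ingresses worth notifying: at least `floor` hits and more than
    `factor` times the baseline (baseline floored at 1 so a quiet link can spike)."""
    spikes = []
    for ingress, now in sorted(current.items()):
        past = history.get(ingress, [])
        baseline = sum(past) / len(past) if past else 0.0
        if now >= floor and now > factor * max(baseline, 1.0):
            spikes.append(ingress)
    return spikes


# Constructed flow records for three intervals from two peers. For the demo,
# 198.51.100.0/24 is assigned space and 203.0.113.9 is the victim host.
INTERVALS = [
    [("peerA", "10.1.2.3", "203.0.113.9", 20),
     ("peerA", "198.51.100.7", "203.0.113.9", 500),
     ("peerB", "192.168.5.5", "203.0.113.9", 10),
     ("peerB", "198.51.100.8", "203.0.113.9", 400)],
    [("peerA", "172.16.9.9", "203.0.113.9", 30),
     ("peerA", "198.51.100.7", "203.0.113.9", 520),
     ("peerB", "198.51.100.8", "203.0.113.9", 410)],
    # Interval 3: peerA carries a flood with RFC 1918 sources (the filter
    # catches it); peerB carries reflected replies from a real resolver
    # towards the spoofed victim, which the bogon filter cannot see.
    [("peerA", "10.7.7.7", "203.0.113.9", 4000),
     ("peerA", "192.168.1.1", "203.0.113.9", 3000),
     ("peerB", "198.51.100.53", "203.0.113.9", 90000)],
]


def run_demo(intervals=INTERVALS):
    """Returns, per interval, (hits per ingress, ingresses flagged as spiking)."""
    history = {}
    report = []
    for flows in intervals:
        current = count_filter_hits(flows)
        report.append((dict(current), detect_spikes(history, current)))
        for ingress, n in current.items():
            history.setdefault(ingress, []).append(n)
    return report


if __name__ == "__main__":
    for i, (hits, spikes) in enumerate(run_demo(), start=1):
        print(f"interval {i}: hits={hits} notify={spikes}")
```

In the third interval only peerA is flagged, while the 90,000-packet reflection flood on peerB is invisible to this counter because its source address is valid; catching that needs a different signal (for example the destination-side packet rate or the reply-without-request ratio at the resolver), which is the gap Per points out.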
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
