[NCLUG] Egress Filtering

Michael Dwyer mdwyer at sixthdimension.com
Tue Aug 7 16:22:59 MDT 2001


> > Might suggest they either filter for non-existent address blocks on the
> > network, or cut the size of the subnets.
>
> Good suggestion... but think of Charter this way: Qworst, only run entirely
> by marketing people.

Actually, it brings up a good point.  I would not like my ISP doing a
lot of filtering, but why don't they at least do egress filtering?

To explain, let's take CSU for example.  (I'm not sure if they do egress
filtering or not -- they are just a convenient IP block...)  Let's
imagine there is a dorm room box at 129.82.33.44.  It is run by a User
who doesn't patch and has never seen a CERT warning[0][1] let alone
heard of CERT.  It is, of course, rooted (Administratored?) within an
hour of being put up, and it is promptly used to start sending spoofed
Ping requests to my machine.

The ping packet comes from that CSU host to my computer, and it looks a
little like this:

   From: www.whitehouse.gov
   To: mdwyer's house
   Message: Ping!  Send me a reply!
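
Added example, not part of the original post: a sketch of the decision an egress filter makes at a site's border, applied to the spoofed ping described above. The 129.82.0.0/16 site prefix, the 198.51.100.7 forged source and the 203.0.113.10 destination are assumptions chosen for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

# Assumption: the site's own address block. The post only names the host
# 129.82.33.44; the /16 is an illustrative prefix for this example.
SITE_PREFIXES = [ipaddress.ip_network("129.82.0.0/16")]


def build_ipv4_header(src, dst, proto=1):
    """Build a minimal 20-byte IPv4 header (constructed sample data).

    proto=1 is ICMP; the checksum is left at 0 because the filter
    below only inspects the address fields.
    """
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def parse_src_dst(packet):
    """Return (source, destination) from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    return (ipaddress.ip_address(packet[12:16]),
            ipaddress.ip_address(packet[16:20]))


def egress_verdict(packet, site_prefixes=SITE_PREFIXES):
    """Decide what the border router does with a packet leaving the site."""
    try:
        src, _dst = parse_src_dst(packet)
    except ValueError:
        return "drop-malformed"
    # Traffic leaving the site must carry one of the site's own addresses
    # as its source; anything else is forged or misconfigured.
    if not any(src in net for net in site_prefixes):
        return "drop-spoofed-source"
    return "forward"


if __name__ == "__main__":
    honest = build_ipv4_header("129.82.33.44", "203.0.113.10")
    forged = build_ipv4_header("198.51.100.7", "203.0.113.10")
    print("honest ping:", egress_verdict(honest))
    print("forged ping:", egress_verdict(forged))
```

The filter never needs to know who the forged source belongs to; it only needs to know which prefixes are legitimately inside the site.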


