Automatic filtering - CISCO, you should think about this...

Karl Denninger writes...

How about an interface keyword such as "auto-inbound-filter", which does
this:

  At STARTUP and when the LOCAL route table changes (i.e. "ip route
  xxx..." statements) the system looks at the interfaces, and the
  local static routes, and builds an accept list for that interface.
  The list is stored in a "reserved" set of system access lists.

  Add a parameter which can be turned on (i.e. log) which would add
  "log" to the end of the filter lists, so that anyone TRYING to smurf
  will get logged.

This would totally automate the process of inbound filtering to prevent or
severely limit smurf attacks.

Since filters which are based only on the source address are relatively
cheap for the router to process, this would likely not seriously burden
anyone in their direct connections.

I'd love to see something like this, and it would reduce the complaint that
it's "too hard to manage" such things.

How about having "no-auto-inbound-filter" instead, making the default in all
new versions of IOS be to run this essential level of protection, providing
a means to turn it off only for those who know they need to turn it off.

> cheap for the router to process, this would likely not seriously burden
> anyone in their direct connections.
>
> I'd love to see something like this, and it would reduce the complaint that
> it's "too hard to manage" such things.

How about having "no-auto-inbound-filter" instead, making the default in all
new versions of IOS be to run this essential level of protection, providing
a means to turn it off only for those who know they need to turn it off.

It was proposed to CISCO about 1 year ago. But I have heard they are doing
something about this (though it's in private talks only).

--
Phil Howard | phil at milepost dot com

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line), (+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
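As an added illustration of the "auto-inbound-filter" idea discussed in the thread (this is not Cisco code and not from any of the posters): derive a per-interface inbound source-address accept list from the interface addresses and the static routes, rebuild it whenever those change, render it as IOS-style access lists with an optional trailing "log" entry, and check which sources an interface would accept. The interface names, the sample topology and the "reserved" ACL number range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: interface name -> directly connected prefix.
INTERFACES = {"Serial0": "192.0.2.0/30", "Ethernet0": "198.51.100.0/24"}
# Constructed static routes: (prefix, outgoing interface). The default
# route out Serial0 (the upstream) means "anything may arrive there".
STATIC_ROUTES = [("0.0.0.0/0", "Serial0"),
                 ("203.0.113.0/24", "Serial0"),
                 ("198.51.101.0/24", "Ethernet0")]
RESERVED_ACL_BASE = 1900  # hypothetical "reserved" standard ACL range


def build_accept_lists(interfaces, static_routes):
    """Rebuild {interface: [networks]}: the source prefixes that can
    legitimately arrive on each interface (connected + statics routed
    out of it). Called at startup and on every static-route change."""
    accept = defaultdict(list)
    for ifname, cidr in interfaces.items():
        accept[ifname].append(ipaddress.ip_network(cidr))
    for cidr, ifname in static_routes:
        if ifname not in interfaces:
            raise ValueError(f"route {cidr} via unknown interface {ifname}")
        accept[ifname].append(ipaddress.ip_network(cidr))
    return dict(accept)


def render_ios_acl(accept, log=False):
    """Render one reserved standard ACL per interface, IOS syntax
    (network + wildcard mask), ending in an implicit-style deny."""
    lines = []
    for n, (ifname, nets) in enumerate(sorted(accept.items())):
        acl = RESERVED_ACL_BASE + n
        for net in nets:
            lines.append(f"access-list {acl} permit "
                         f"{net.network_address} {net.hostmask}")
        lines.append(f"access-list {acl} deny any" + (" log" if log else ""))
        lines.append(f"! apply with: interface {ifname} / "
                     f"ip access-group {acl} in")
    return lines


def inbound_permitted(accept, ifname, src_ip):
    """Would a packet with this source address pass the filter on ifname?
    A spoofed source (one not routed via ifname) is dropped and logged."""
    src = ipaddress.ip_address(src_ip)
    return any(src in net for net in accept.get(ifname, []))


if __name__ == "__main__":
    lists = build_accept_lists(INTERFACES, STATIC_ROUTES)
    print("\n".join(render_ios_acl(lists, log=True)))
    print("spoof from Ethernet0:", inbound_permitted(lists, "Ethernet0", "203.0.113.7"))
```

A customer interface only accepts its own prefixes, so a smurf-style packet forged with a source outside them never leaves that interface, while the upstream interface, which carries the default route, stays open.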