[Dshield] These kind of attacks from 127.0.0.1 seems to be a REAL ATTACK

Barry Greene (bgreene) bgreene at cisco.com
Sat Feb 21 16:25:35 GMT 2004


 



> As good as that idea sounds, why don't router makers default 
> their filters to the Manning draft? They can always be 
> changed, but it allows the uninformed to start with a 
> compliant filter set.

Way too many dynamics. Features like Unicast RPF (which would automatically drop any source address not in the forward table) break packet forwarding in many places inside of a network. So you need to engineer the feature into the network. Works in some situations, but not in others. But that does not mean vendors are not trying:

Search for "autosecure" on www.cisco.com.

Check out:

http://www.ietf.org/internet-drafts/draft-jones-opsec-03.txt

Check out RAT:

http://www.cisecurity.org/bench_cisco.html
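
Added illustration (not part of the original message, and not vendor code): a simplified model of the Unicast RPF source check mentioned above, showing why it has to be engineered per interface rather than switched on everywhere. The forwarding table, interface names and addresses are constructed, and the strict, loose and allow-default behaviour is a simplification of how routers implement the check.

```python
import ipaddress

# Constructed forwarding table (prefix -> best-path interface); hypothetical names.
FIB = [
    ("0.0.0.0/0", "ge0"),         # default route toward the upstream
    ("198.51.100.0/24", "ge1"),   # single-homed customer
    ("203.0.113.0/24", "ge2"),    # multihomed site, best return path via ge2
]

def lookup(src, fib):
    """Longest-prefix match on the source address; None if no route covers it."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in fib]
    hits = [(n, ifc) for n, ifc in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_pass(src, in_if, fib=FIB, mode="strict", allow_default=False):
    """True if the packet survives the source check, False if it is dropped."""
    hit = lookup(src, fib)
    if hit is None:
        return False                      # no route back to the source at all
    net, best_if = hit
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "loose":
        return True                       # any route to the source is enough
    return best_if == in_if               # strict: must arrive on the return path

def demo():
    cases = [  # (description, source, arrival interface, mode, allow_default)
        ("spoofed loopback", "127.0.0.1", "ge0", "strict", False),
        ("customer, symmetric", "198.51.100.7", "ge1", "strict", False),
        ("multihomed, asymmetric", "203.0.113.9", "ge1", "strict", False),
        ("multihomed, asymmetric", "203.0.113.9", "ge1", "loose", False),
        ("Internet host via default", "192.0.2.50", "ge0", "strict", False),
        ("Internet host via default", "192.0.2.50", "ge0", "strict", True),
        ("spoofed loopback", "127.0.0.1", "ge0", "strict", True),
    ]
    return [(d, m, ad, urpf_pass(s, i, mode=m, allow_default=ad))
            for d, s, i, m, ad in cases]

if __name__ == "__main__":
    for desc, mode, allow_default, ok in demo():
        print(f"{desc:28} {mode:6} allow_default={allow_default!s:5} "
              f"{'forward' if ok else 'DROP'}")
```

In this model the asymmetric multihomed source is dropped by strict mode although it is legitimate, and on the default-routed interface strict mode either drops every Internet source or, once the default route is allowed, passes the spoofed 127.0.0.1 source again, so that interface still needs an explicit filter.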





