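Organization: China Interactive Publishing Network (http://www.china-pub.com/)
RFC Document Chinese Translation Project (http://www.china-pub.com/compters/emook/aboutemook.htm)
E-mail: ouyang@china-pub.com
Translator: stan001 (stan001)
Translation published: 2001-11-24
Copyright: The copyright of this Chinese translation belongs to China Interactive
Publishing Network. It may be freely reproduced for non-commercial purposes, provided
that the translation and copyright information of this document are retained.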
Network Working Group D. Senie
Request for Comments: 2644 Amaranth Networks Inc.
Updates: 1812 August 1999
BCP: 34
Category: Best Current Practice
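Changing the Default for Directed Broadcasts in Routers
(RFC 2644)
Status of this Memo
This document specifies an Internet Best Current Practices for the Internet
Community, and requests discussion and suggestions for improvements.
Distribution of this memo is unlimited.
Copyright Notice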
Copyright (C) The Internet Society (1999). All Rights Reserved.
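1. Introduction
Router Requirements [1] specifies that routers must receive and forward
directed broadcasts. It also specifies that routers MUST have an option to
disable this feature, and that this option MUST default to permit the
receiving and forwarding of directed broadcasts. While directed broadcasts
have uses, their use on the Internet backbone appears to be comprised
entirely of malicious attacks on other networks.
Changing the required default for routers would help ensure new routers
connected to the Internet do not add to the problems already present.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.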
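2. Discussion
Damaging denial of service attacks led to the writing of [2] on Ingress
Filtering. Many network providers and corporate networks have endorsed the
use of these methods to ensure their networks are not the source of such
attacks.
A recent trend in Smurf Attacks [3] is to target networks which permit
directed broadcasts from outside their networks. By permitting directed
broadcasts, these systems become "Smurf Amplifiers."
While the continued implementation of ingress filters remains the best way
to limit these attacks, restricting directed broadcasts should also receive
priority.
Network service providers and corporate network operators are urged to
ensure their networks are not susceptible to directed broadcast packets
originating outside their networks.
Mobile IP [4] had provisions for using directed broadcasts in a mobile
node's use of dynamic agent discovery. While some implementations support
this feature, it is unclear whether it is useful. Other methods of achieving
the same result are documented in [5]. It may be worthwhile to consider
removing the language on using directed broadcasts as Mobile IP progresses
on the standards track.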
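3. Recommendation
Router Requirements [1] is updated as follows:
Section 4.2.2.11 (d) is replaced with:
(d) { <Network-prefix>, -1 }
Directed Broadcast - a broadcast directed to the specified network prefix.
It MUST NOT be used as a source address. A router MAY have a configuration
option to allow it to receive directed broadcast packets, however this
option MUST be disabled by default, and thus the router MUST NOT receive
Network Directed Broadcast packets unless specifically configured by the
end user.
Section 5.3.5.2, second paragraph, is replaced with:
A router MAY have an option to enable receiving network-prefix-directed
broadcasts on an interface and MAY have an option to enable forwarding
network-prefix-directed broadcasts. These options MUST default to blocking
receipt and blocking forwarding of network-prefix-directed broadcasts.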
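The defaults specified above, modeled as an added example that is not part of
the RFC or of any router implementation. The Interface class, the decide
function, the verdict strings and the documentation-prefix topology are
assumptions made for illustration, as is the reading that the receive option
applies when a packet arrives on the network it addresses and the forward
option applies when it arrives on another interface.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    network: ipaddress.IPv4Network
    # Both options default to off, the default section 3 mandates.
    receive_directed_broadcast: bool = False
    forward_directed_broadcast: bool = False

def attached_broadcast(addr, interfaces):
    """Return the attached interface whose {<Network-prefix>, -1} address is addr, else None."""
    ip = ipaddress.IPv4Address(addr)
    for ifc in interfaces:
        # /31 and /32 prefixes have no broadcast address.
        if ifc.network.prefixlen < 31 and ip == ifc.network.broadcast_address:
            return ifc
    return None

def decide(src, dst, in_ifc, interfaces):
    """Classify one IPv4 packet arriving on in_ifc (hypothetical verdict strings)."""
    if attached_broadcast(src, interfaces):
        # {<Network-prefix>, -1} MUST NOT be used as a source address.
        return "drop: directed broadcast used as source"
    target = attached_broadcast(dst, interfaces)
    if target is None:
        # Not the broadcast of an attached prefix: no special handling here.
        return "normal routing"
    if target is in_ifc:
        # Arrived on the network it addresses: the receive option applies.
        return "receive" if target.receive_directed_broadcast else "drop: receipt blocked"
    # Last hop for the target network: the forward option applies.
    if target.forward_directed_broadcast:
        return f"forward: link broadcast on {target.name}"
    return "drop: forwarding blocked"

# Constructed topology using documentation prefixes; lab0 is explicitly enabled.
WAN = Interface("wan0", ipaddress.ip_network("203.0.113.0/30"))
LAN = Interface("lan0", ipaddress.ip_network("198.51.100.0/24"))
LAB = Interface("lab0", ipaddress.ip_network("192.0.2.0/24"), forward_directed_broadcast=True)
ROUTER = [WAN, LAN, LAB]

if __name__ == "__main__":
    for dst in ("198.51.100.255", "192.0.2.255", "198.51.100.7"):
        print(dst, "->", decide("203.0.113.1", dst, WAN, ROUTER))
```

Only lab0, where the operator turned the option on, relays the broadcast; lan0 keeps the blocking default and drops it.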
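4. Security Considerations
The goal of this document is to reduce the efficacy of certain types of
denial of service attacks.
5. References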
[1] Baker, F., "Requirements for IP Version 4 Routers", RFC 1812,
June 1995.
[2] Ferguson, P. and D. Senie, "Ingress Filtering", RFC 2267, January
1998.
[3] See the pages by Craig Huegen at:
http://www.quadrunner.com/~chuegen/smurf.txt, and the CERT
advisory at: http://www.cert.org/advisories/CA-98.01.smurf.html.
[4] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[5] P. Calhoun, C. Perkins, "Mobile IP Dynamic Home Address
Allocation Extensions", Work in Progress.
6. Acknowledgments
The author would like to thank Brandon Ross of Mindspring and Gabriel
Montenegro of Sun.
7. Author's Address
Daniel Senie
Amaranth Networks Inc.
324 Still River Road
Bolton, MA 01740
Phone: (978) 779-6813
EMail: dts@senie.com
8. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.