SMURF amplifier block list
Dean Anderson
dean at av8.com
Sat Apr 18 19:48:57 UTC 1998
>> During an in progress attack, you probably have to take extreme measures,
>Do you remember - it's not attack against you or attack by some of your
>customer's networks used as amplifier, but the attack initiated from your
>own network. You never note such thing withouth some permanent
>measurement.
Oops. I misunderstood this first time round. I don't think you can easily
detect smurf initiations, because you have to guess at the broadcast
address.
I think it is much easier to detect and block forged source addresses,
which are also necessary for the hacker who is operating out of your
network.
--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc dean at av8.com
LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com
We Make IT Fly! (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
More information about the NANOG
mailing list