mike at isi.net
Mon Dec 8 18:23:50 UTC 1997
On Tue, 9 Dec 1997, Adrian Chadd wrote:
> On Fri, 5 Dec 1997, Wayne Bouchard wrote:
> > threaten the most disruption of internet services. With ISDN and
> > DSL, users have the bandwidth necessary to generate even more
> > dangerous levels of traffic. If you don't think this issue affects
> > you, it does. If you're not a target, your probably being used
> > as a source.
> I agree totally.
> A couple of problems:
> * Filtering ALL ICMP is pretty silly, ICMP is there for more than just
> pings, and some of it is important.
Sure.. but it wont take a genius on the attackers side to figure out what
types arent being blocked, and use those..
> * If people start doing this, someone with a smidgen of time on their
> hands will write a ping flooder that uses random TCP or UDP packets
> with spoofed from addresses.
Well.. the main problem with smurf is that as far as i know, it uses the
reply from a broadcast. that will rule out tcp unless they send a direct
flow from the attackers box to the destination/victims box. For UDP,
you would have to send it to a broadcast, and also hope there is a udp
service listening (ie.. a test program i wrote sent 1 udp broadcast to
220.127.116.11:7 and received a whole bunch of replies.. turn off small
services on routers would be helpfull.. :)). You could also do that to
any network, the point being.. its easier to disable simple udp services
then to setup filters on border routers..
More information about the NANOG