leigh at wisper.net
Mon Dec 8 22:20:11 UTC 1997
Mike Hedlund wrote:
> Well.. the main problem with smurf is that as far as i know, it uses the
> reply from a broadcast. that will rule out tcp unless they send a direct
> flow from the attackers box to the destination/victims box. For UDP,
> you would have to send it to a broadcast, and also hope there is a udp
> service listening (ie.. a test program i wrote sent 1 udp broadcast to
> 184.108.40.206:7 and received a whole bunch of replies.. turn off small
> services on routers would be helpfull.. :)). You could also do that to
> any network, the point being.. its easier to disable simple udp services
> then to setup filters on border routers..
I guess that depends upon how many border routers you have :)
It would also help to filter outgoing traffic from your network to
you do not become the unwitting source of a smurf attack..
More information about the NANOG