smurf, the MCI-developed tracing tools (was Re: Bogus announcement)

Phil Howard phil at charon.milepost.com
Sun Dec 28 06:58:01 UTC 1997


Karl Denninger writes...

> Then you damn well better not be permitting any of the following:
> 
> 1)	Forged source addresses (this CAN be stopped with specific filters
> 	on your interfaces, although some will bitch about the performance
> 	impact - depending on their specific choices)

Yet another case for pressing (now) ARIN (and others who allocate address
space) to do address allocation in reasonable chunk sizes instead of forcing
providers to accept little bits of address space a piece at a time.  Prefix
volume on BGP would be helped, too, by having fewer little pieces scattered
all around.  And with address space now on a paid basis, in theory people
will generally ask for what they expect to need (there will be exceptions
but they should be easy to spot), so there is more reason to actually give
out requested allocations that are not obviously inflated.


> 2)	Directed broadcasts (which are used to "create" these DOS attacks by
> 	bouncing the attack off a particularly-well-connected location,
> 	USUALLY a provider's internal infrastructure).
> 
> Block both of those and Smurfs would disappear.  If you can trace the TRUE
> source of such an attack quickly, people will go to jail for this.  The only
> reason they are popular is because the source addresses CAN be forged.

Specific information is always helpful.  Unfortunately, if it has been
given on NANOG, it can be missed due to the high noise level (yet another
issue we need to work on).  Would config examples in IOS and gated be too
much to ask for (if someone only knows one, someone who knows the other
should follow up)?

> THIS CAN BE PREVENTED.

Agreed.  Let's make it easy.

-- 
Phil Howard | die3spam at spammer3.org eat4this at dumb3ads.edu no1way94 at dumbads5.org
  phil      | no0way53 at no9where.edu end9ads2 at noplace0.org stop9361 at dumb4ads.org
    at      | no7spam1 at spammer8.org die2spam at no5place.edu blow2me0 at no39ads6.edu
  milepost  | stop3it3 at lame2ads.com w2x4y9z8 at lame1ads.edu eat2this at noplace1.net
    dot     | no14ads6 at nowhere0.org no6spam1 at spam8mer.com no5way06 at nowhere3.net
  com       | die6spam at no66ads9.com stop5758 at no39ads5.org eat1this at anywhere.org
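
The two filters listed in the quoted text (source-address checks on customer interfaces, and dropping directed broadcasts), sketched as an added Python example; it is not part of the original message and is not IOS or gated syntax. The prefixes are constructed documentation addresses and the interface names `customer` and `upstream` are hypothetical.

```python
import ipaddress

# Constructed sample values (documentation prefixes), not from the original post.
# Address space allocated to the customer attached to the "customer" port.
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Subnets attached behind this router; note they are not all /24.
LOCAL_SUBNETS = [ipaddress.ip_network("198.51.100.0/26"),
                 ipaddress.ip_network("198.51.100.128/25")]


def source_is_legitimate(src, allowed=CUSTOMER_PREFIXES):
    """Filter 1: a packet arriving from the customer must carry a source
    address inside the space allocated to that customer."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed)


def is_directed_broadcast(dst, subnets=LOCAL_SUBNETS):
    """Filter 2: the destination is the broadcast address of an attached
    subnet (all-ones host part, or the old-style all-zeros form)."""
    addr = ipaddress.ip_address(dst)
    return any(addr in (net.broadcast_address, net.network_address)
               for net in subnets if net.prefixlen < 31)


def decide(iface, src, dst):
    """Apply the filter that belongs to the interface the packet arrived on."""
    if iface == "customer" and not source_is_legitimate(src):
        return "drop: forged source"
    if iface == "upstream" and is_directed_broadcast(dst):
        return "drop: directed broadcast"
    return "forward"


if __name__ == "__main__":
    # Constructed packets: (arrival interface, source, destination)
    samples = [
        ("customer", "192.0.2.10", "203.0.113.5"),
        ("customer", "203.0.113.99", "203.0.113.5"),
        ("upstream", "203.0.113.7", "198.51.100.63"),
        ("upstream", "203.0.113.7", "198.51.100.20"),
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```

The broadcast check is computed from each subnet's prefix length, so it catches `198.51.100.63` on the /26, which a test for a trailing `.255` would miss.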


