[nsp] known networks for broadcast ping attacks
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Wed Jul 30 19:23:27 UTC 1997
On Wed, Jul 30, 1997 at 07:56:11PM +0100, Alex.Bligh wrote:
> Urm, 192.41.177.255 is the MAE-East LAN ?! Are you saying attacks are
> being mounted from here or people are attacking this LAN (not
> sure which is more worrying)
What he's saying is that someone is mounting broadcast ping flooding
attacks with forged source addresses which make them appear to be
coming from MAE-East, among other places.
He correctly notes that this _must_ be fixed at the boundary routers.
Network operators: _please_ make sure your boundary routers do not
allow you to send packets upstream which have source addresses on them
which are not on your networks. Filters are your friend. A source
address of 127.anything is pretty uncool, too, as are broadcast
addresses... although those can be harder to figure out nowadays.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
More information about the NANOG
mailing list